Security Researchers Breached Server of Russia's 'Black Basta' Ransomware Gang (quadrantsec.com)
Long-time Slashdot reader Beave writes: Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as "Black Basta"... Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Once a victim's data is fully exfiltrated the gang then encrypts workstations and servers, and demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.
Fortunately, in this case, Black Basta didn't make it that far. Instead, the security researchers used the opportunity to better understand Black Basta's "backend servers", tools, and methods. Black Basta will sometimes use a victim's network to log into their own servers, which leads to interesting opportunities to observe the gang's operations...
The first write-up goes into technical details about the malware and tactics Black Basta used. The second write-up focuses on Black Basta's "backend" servers and how they manage them.
TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the "Breaking Badness" podcast.
The articles go into great detail - even asking whether deleting their own exfiltrated data from the gang's server "would technically constitute a federal offense per the 'The Computer Fraud and Abuse Act' of 1986."
Turnabout (Score:5, Insightful)
It would have been amusing if they'd taken the opportunity to encrypt the baddies' servers on the way out.
Oops.
Re: (Score:1)
US Hawks? (Score:1)
Re: (Score:2)
Suppose they are in Russia, then you'd be explaining to the American people why Russia just sent one of their cruise missiles to America to blow up someone or some place Americans care about.
castle doctrine (Score:2)
Re: (Score:1)
I would argue that the law should be changed to allow arbitrary cyberattacks on states that harbor cybervillians.
Excellent resource for Cybersecurity educators (Score:2)
Police (Score:2)
Why couldn't the police catch the hacker?
Because he ransomware.
Thank you, I'm here all week ;-)
Soviet actors (Score:1)