Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Crime

Security Researchers Breached Server of Russia's 'Black Basta' Ransomware Gang (quadrantsec.com) 9

Long-time Slashdot reader Beave writes: Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as "Black Basta"... Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Once a victim's data is fully exfiltrated the gang then encrypts workstations and servers, and demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.

Fortunately, in this case, Black Basta didn't make it that far. Instead, the security researchers used the opportunity to better understand Black Basta's "backend servers", tools, and methods. Black Basta will sometimes use a victim's network to log into their own servers, which leads to interesting opportunities to observe the gang's operations...

The first write up goes into technical details about the malware and tactics Black Basta used. The second second write up focuses on Black Basta's "backend" servers and how they manage them.

TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the "Breaking Badness" podcast.

The articles go into great detail - even asking whether deleting their own exfiltrated data from the gang's server "would technically constitute a federal offense per the 'The Computer Fraud and Abuse Act' of 1986."
This discussion has been archived. No new comments can be posted.

Security Researchers Breached Server of Russia's 'Black Basta' Ransomware Gang

Comments Filter:

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...