Infighting brings down the Black Basta ransomware group
Pieter Arntz · 2025-02-26 · via Ransomware – ThreatDown by Malwarebytes
It seems that internal struggles led to the breakdown of one of the last ransomware-as-a-service giants.

After almost three years near the top of the ransomware food chain, the notorious Black Basta group is offline.

Onion site not found

The cause appears to be infighting among the executives at the ransomware-as-a-service (RaaS) group, which culminated in one of its leading members leaking the group’s internal chat logs last week.

As we pointed out in our recent 2025 State of Malware report, the ransomware landscape has fractured significantly in the last few years. The influence of large ransomware groups like LockBit, ALPHV and Black Basta has waned as a multitude of little-known “dark horse” gangs has emerged.

Until recently, Black Basta was an exception to that trend and was a regular in the top 10 most active ransomware groups in our monthly ransomware reports.

But this year, the decline started and one of the last giants seems to have suffered a number of problems:

  • Victims reported never receiving a working decryption key.
  • Key members left the group to join others.
  • Internal fighting over which targets were off limits.

Reportedly, the last fallout occurred after an affiliate launched a brute-force attack against a Russian bank. Ransomware groups typically avoid attacking targets inside Russia and the Commonwealth of Independent States, where they enjoy safe haven.

Attacking Russian banks could invoke the wrath of the Russian authorities, which were otherwise turning a blind eye.

An individual posting under the handle ExploitWhispers wrote:

ExploitWhispers’ post

[translation] A place to discuss the main news about Black Basta, one of the biggest ransomware groups in Russia, which recently hacked domestic banks. With such deeds we can say that they crossed the line, that’s why we are dedicated to uncovering the truth and to investigate Black Basta’s next steps. Here you can find information you can trust and read all in one channel.

Our exclusive access provides thorough, objective and trustworthy information available by following this link.

The chat logs include almost 200,000 messages from September 2023 to September 2024. From the chat logs, researchers have learned a lot about some of the organization’s key players, their internal power struggles, and their financial scams.

The logs also confirm one thing we already suspected: that many of the key players in Black Basta were previously active in the Conti group. Ironically enough, Conti also imploded after its chat logs were leaked online.

Since the affiliates working with Black Basta will undoubtedly find another RaaS group to work with, the tactics, techniques, and procedures we previously wrote about are still valid. Some of Black Basta’s key players have reportedly moved to the Cactus group, so that might also be a logical next home for the affiliates.