
Hackers get hacked - Black Basta ransomware gang chat logs leaked



Leaked chat logs have exposed the internal operations of the Black Basta ransomware gang.

The Black Basta Ransomware-as-a-Service (RaaS) operation, active since April 2022, has had a significant impact: over 500 organizations breached between April 2022 and May 2024 (according to CISA and FBI) and approximately $100 million in ransom payments collected from over 90 victims (until November 2023).

The leak was carried out by an individual with the handle ExploitWhispers, who initially shared the data on the MEGA file-sharing platform and later moved it to a dedicated Telegram channel after the MEGA content was removed.

The leaked data covers communications from September 18, 2023, to September 28, 2024, and includes:

  • Phishing templates and target email lists
  • Cryptocurrency wallet addresses
  • Data breach information
  • Victim credentials
  • 367 unique ZoomInfo links (indicating potential target organizations)
  • Information about key gang members including:
    • Lapa (administrator)
    • Cortes (linked to Qakbot group)
    • YY (main administrator)
    • Trump/GG/AA (believed to be Oleg Nefedovaka, group leader)

The true identity of ExploitWhispers (whether a security researcher or disgruntled insider) remains undisclosed.

The leak's timing coincides with reported internal conflicts within the group and alleged attacks on Russian banks. According to PRODAFT, some operators had been scamming victims by collecting ransoms without providing working decryptors. The cyber threat intelligence company suggests the leak might be retribution for the group's targeting of Russian financial institutions.
