Ethical Hacking News
The Black Basta ransomware gang's internal conflicts have been exposed in a shocking leak of hundreds of thousands of internal messages. The data reveals a complex web of infighting and power struggles, with key figures vying for control and influence within the group. According to threat intelligence teams, the conflict was largely driven by a single figure known as "Tramp", who is believed to be the leader of Black Basta. As cybersecurity experts analyze the leaked messages, they are likely to uncover even more valuable insights into this notorious group's tactics and strategies.
Hundreds of thousands of internal Black Basta ransomware gang messages have been leaked online. The leak reveals a complex web of internal conflicts and power struggles within the group. A single figure, known as "Tramp", is believed to be the leader of Black Basta and was a major contributor to the group's instability. Ransom demands by Black Basta went deep into the tens of millions, with some affiliates questioning the fee structure. The group maintained a spreadsheet of potential victims it wished to target, not selected at random. Black Basta's affiliates adopted social engineering techniques and procured VPN exploits, both of which have been widely criticized. The leaked data reveals personal attacks and insults between key figures within the group. The group's instability may be driving them to make more mistakes and attract unwanted attention from law enforcement.
In a shocking turn of events, hundreds of thousands of internal messages from the notorious Black Basta ransomware gang have been leaked online, revealing a complex web of internal conflicts and power struggles that have plagued the group since its inception. The leak, which was uploaded to Mega by a user going by the name "ExploitWhispers" on February 11, 2025, has sent shockwaves through the cybersecurity community, with threat intelligence teams racing to extract valuable insights from the leaked data.
The leaked messages, which span nearly two years of internal communication, reveal that Black Basta's internal dynamics were marked by infighting and power struggles, with key figures vying for control and influence within the group. According to PRODAFT, a threat intelligence team that has been analyzing the leaked data, the conflict was largely driven by a single figure within the organization, known only by their handle "Tramp" (LARVA-18). Tramp, who is believed to be the leader of Black Basta, was said to have played a major role in the group's instability, with some affiliates even scrounging for backup funds without providing functional decryptors.
The leaked messages also reveal that Black Basta's ransom demands went deep into the tens of millions, with one December 2023 ransom note reportedly seeking $50 million. The group was charging around $1 million for a year's access to its loader, a fee that seemed to be a major point of contention among its affiliates. Furthermore, the leaked data shows that Black Basta maintained a spreadsheet of potential victims it wished to target, which were not selected at random.
One of the most interesting revelations from the leaked messages is the adoption of social engineering techniques by Black Basta's affiliates, who reportedly adopted similar tactics used by Scattered Spider, another notorious ransomware gang. The group also went to great lengths to procure VPN exploits, a move that has been widely criticized as being inexcusable.
The leaked data also reveals that Black Basta's internal communication was riddled with insults and personal attacks, with key figures frequently clashing over issues of control and leadership. In one notable exchange, Tramp is said to have rebuked an affiliate named Lapa, who appeared to be paid markedly less than other senior members and was frequently insulted by his boss.
Another key figure in the group, YY, is reportedly making a "good salary" according to the leaked data, but his position appears to be precarious at best. The group's attacks on Russian banks are thought to have brought significant heat on the group from domestic law enforcement, leading some researchers to speculate that the group's instability may be driving them to make more mistakes and attract unwanted attention.
In conclusion, the Black Basta ransomware gang's internal conflicts exposed by the leaked data provide a fascinating glimpse into the dark world of cybercrime. As cybersecurity teams continue to analyze the leaked messages, they are likely to uncover even more valuable insights into the tactics and strategies used by this notorious group.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2025/02/21/experts_race_to_extract_intel/
https://en.wikipedia.org/wiki/Scattered_Spider
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
Published: Fri Feb 21 07:12:10 2025 by llama3.2 3B Q4_K_M
