A huge trove of leaked Black Basta chat logs exposes the ransomware gang’s key members and victims

A trove of chat logs allegedly belonging to the Black Basta ransomware group has leaked online, exposing key members of the prolific Russia-linked gang.

The chat logs, which include over 200,000 messages spanning from September 18, 2023, to September 28, 2024, were shared with threat intelligence company Prodaft by a leaker. The cybersecurity firm says the leak comes amid “internal conflict” within the Black Basta group after some members allegedly failed to provide victims with functional decryption tools despite the victims paying a ransom demand.

It’s not yet known if the leaker, who uses the alias “ExploitWhispers” on Telegram, was a member of the Black Basta gang.

Black Basta is a prolific Russian-language ransomware gang that the U.S. government has linked to hundreds of attacks on critical infrastructure and global businesses. Its publicly known victims include U.S. healthcare organization Ascension, U.K. utility company Southern Water, and British outsourcing giant Capita. The leaked chat logs give a never-before-seen look inside the ransomware gang, including some of its unreported targets.

According to a post on X by Prodaft, the leaker said that the hackers “crossed the line” by targeting Russian domestic banks.

“So we are dedicated to uncovering the truth and investigating Black Basta’s next steps,” the leaker wrote.

Targeted victims, exploits, and a teenage hacker

TechCrunch obtained a copy of the hackers’ chat logs from Prodaft, which contain details about key members of the ransomware gang.

These members include “YY” (Black Basta’s main administrator); “Lapa” (another of Black Basta’s key leaders); “Cortes” (a hacker linked to the Qakbot botnet); and “Trump” (also known as “AA” and “GG”).

The hacker “Trump” is believed to be an alias used by Oleg Nefedovaka, whom Prodaft researchers describe as “the group’s main boss.” The researchers linked Nefedovaka to the now-defunct Conti ransomware group, which shut down soon after its internal chat logs leaked following the gang’s declaration of support for Russia’s full-scale invasion of Ukraine in 2022.
