Ransomware gang leak shows stolen passwords and 2FA codes driving attacks

Google recently warned that it is time we started treating online crime as a national security threat. If you want to know why, look no further than the constant chaos caused by ransomware gangs, from the theft and exposure of data to increasingly serious FBI warnings for businesses. It is not often that we get to look inside the workings of a ransomware operation, but that is the opportunity presented by the leak of internal private conversations from the Black Basta crime group. Here’s what threat intelligence analysts say.


Black Basta chat logs reveal how ransomware gangs work

The motive and process behind the leak of about 200,000 private messages, shared among members of the Black Basta ransomware group on the Matrix messaging platform and covering the 12 months to September 2024, are not clear. Theories put forward range from a disgruntled member to a cyber-vigilante and even law enforcement. What we know is, as Alexander Martin, UK editor at Recorded Future News, notes, “Some of the crew behind the Black Basta scheme were part of a criminal network that had previously operated brands and Ryuk ransomware, as well as the TrickBot banking trojan.” A dozen of these people have already been sanctioned by Western law enforcement, Martin said, “which is understood to have continued to monitor their activities.”

Unsurprisingly, threat intelligence agencies have been having a field day analyzing the chat logs, and the results have begun to appear. KELA, for example, has completed a deep dive into Black Basta and has now published its findings. The main takeaway is that when it comes to initial access, the first step in any successful ransomware attack, Black Basta seemed to mainly compromise remote desktop protocol, VPN and security portals. Given the success of infostealer malware in obtaining compromised credentials across platforms and services, it is not surprising to learn that this also played a key role. In an attack analyzed by KELA's intelligence experts, credentials that had been stolen six months earlier were used for initial access. This is not so much evidence that ransomware groups play the long game as evidence that infostealer logs are patiently compiled and later sold on the criminal market. KELA described the data as a treasure trove of “usernames, passwords and certification data for different services”. When it came to that particular attack, against a “Brazil-based company from the production sector and industrial products”, KELA’s analysts said they found 50 compromised credentials, exposed by a technical support employee infected with infostealer malware. “After the attack,” KELA’s report announced, “the same credentials were divided more than 20 times into different Telegram channels, allowing additional compromises if the approach was not secured after the incident.”


Phishing and brute force used by ransomware attackers

The Ontinue advanced operations team also analyzed data from the Black Basta leak and revealed that “large-scale phishing campaigns aimed at Microsoft services such as Office 365 and Azure” were used to “tap the input credentials and cookies, bypassing MFA protections”. Credentials from infostealer logs were also used in brute-force attacks against “VPN and Firewall Products including: Citrix, Check Point, SonicWall, Pulse Secure, ScreenConnect, GlobalProtect, Juniper Secure Connect, RDP and RDWeb,” the report said.

Meanwhile, Saeed Abbasi, a manager in the Qualys threat research unit, has warned that Black Basta operated as a business, albeit a criminal enterprise, and gave priority to strategic partnerships with other ransomware groups to share intel, income and industry revenues, even monitoring reputation in cybercrime circles and watching the flaws of the competition.

“Understanding the nature of the online crime business is essential for defenders,” Abbasi concluded; “These actors think strategically, adapt to market conditions and even deal with internal conflicts – just like any legitimate enterprise.” If enterprises do not embrace prompt patching strategies, stronger access controls and rapid incident response protocols, the fight against ransomware may end before it begins.

