Security Researchers Breached Server of Russia's 'Black Basta' Ransomware Gang

Long-time Slashdot reader Beave writes: Security researchers and practitioners at Quadrant Information Security recently found themselves in a battle with the Russian ransomware gang known as 'Black Basta'... Quadrant discovered the Russian gang attempting to exfiltrate data from a network. Once a victim's data is fully exfiltrated the gang then encrypts workstations and servers, and demands ransom payments from the victim in order to decrypt their data and to prevent Black Basta from releasing exfiltrated data to the public.

Fortunately, in this case, Black Basta didn't make it that far. Instead, the security researchers used the opportunity to better understand Black Basta's 'backend servers', tools, and methods. Black Basta will sometimes use a victim's network to log into their own servers, which leads to interesting opportunities to observe the gang's operations...

The first write up goes into technical details about the malware and tactics Black Basta used. The second second write up focuses on Black Basta's 'backend' servers and how they manage them. TLDR? You can also listen to two of the security researchers discuss their findings on the latest episode of the 'Breaking Badness' podcast.

The articles go into great detail - even asking whether deleting their own exfiltrated data from the gang's server 'would technically constitute a federal offense per the 'The Computer Fraud and Abuse Act' of 1986.'

Read more of this story at Slashdot.