A large group of chat logs, allegedly belonging to the Black Bustaro Ransomware group, have been leaked online, revealing key members of the prolific gangster associated with Russia.
From September 18, 2023 to September 28, 2024 to September 28, 2024, chat logs containing over 200,000 messages were shared with leaker threat intelligence company Prodaft. The leak is said to have failed to provide victims with functional decryption tools despite some members paying for ransom demand, and the leak is “all about the Black Busta Group” It says that it will come in the midst of an internal conflict.
It is not yet known whether the leaker using “ExploitWhispers” on Telegram was a member of the Black Basta Gang.
Blackbusta is a Russian ransomware gang linked by the US government to hundreds of attacks on critical infrastructure and global businesses, and its publicly known victims have been found to have a US medical institution. includes the Ascension, the British utility company Southern Water, and the British outsing giant Capita. Leaked chat logs give you an unprecedented look among ransomware gangs, including some of the unreported targets.
According to a X post by Prodaft, the leaker said the hackers “crossed the line” by targeting domestic Russian banks.
“So we are dedicated to uncovering the truth and investigating the next steps in Black Busta,” writes Leaker.
Targeted victims, exploits, and teen hackers
TechCrunch has obtained a copy of the hacker's chat log from Prodaft, which contains details about key members of the ransomware gang.
These members include “YY” (the main administrator of Black Busta). “Rapah” (another important leader of Black Busta); “Cortes” (hacker linked to Qakbot Botnet); and “Trump” (also known as “AA” and “GG”).
Hacker “Trump” is believed to be an alias used by Oleg Nefedovaca, whom Product researchers describe as “the group's main boss.” Researchers linked Nefedovaka to the now deprecated Conti Ransomware group. This was closed shortly after internal chat logs were leaked after the gang declared support for Russia's full-scale invasion in Ukraine in 2022.
Leaked Black Basta Chat Logs estimates that one member is 17 years old.
In our count, the leaked chats contain 380 unique links related to company information hosted on Zoominfo, the data broker that collects and sells access to businesses and their employees. Masu. The link also suggests the number of organizations the gang will target over the course of 12 months.
The chat log also reveals unprecedented insights into group operations. The message includes details about the Black Busta victims, copies of phishing templates used in cyber attacks, some of the exploitation used by gangs, cryptocurrency addresses related to ransom payments, ransom demands and hacked. It includes details regarding victim negotiations with the organization.
We also found chat logs of hackers discussing TechCrunch articles about ongoing Qakbot activities despite previous FBI takedown work aimed at knocking the infamous botnet offline. Ta.
TechCrunch also found chat logs that named several previously unknown target organizations. This includes the failed US automotive giant Fisker. Health Tech Provider Cerner Corp. is currently owned by Oracle. HotelPlan is a UK-based travel agency. It is not yet known whether the company has been breached, and neither of them responded to TechCrunch inquiries.
Chatlogs appear to show gang efforts to leverage security bugs in enterprise network devices, such as routers and firewalls that sit at the boundaries of the corporate network and act as digital gatekeepers.
Hackers boast the ability to exploit vulnerabilities in Citrix remote access products to infiltrate networks of at least two companies. The gang also spoke about leveraging vulnerabilities in Ivanti, Palo Alto Networks and Fortinet software to carry out cyberattacks.
Conversations between members of Blackbusta also suggest that some of the group were concerned that they would be investigated by Russian authorities in response to geopolitical pressures. Russia has long been a safe haven for ransomware gangs, but Blackbusta was also concerned about the actions brought on by the US government.
Messages sent after a group's ascension system violation could lead to agencies that warn FBI and CISA are “100% mandatory” to engage, leading to institutions that “take a tough stance on Black Busta” I warned him.
Black Busta's dark web leak site was used to publicly force victims to pay ransom demand for gangs, but at the time of publication it was offline.