BlackBasta ransomware hackers announced that they’ve compromised US-based MGF Sourcing. According to the original post, the leak resulted in 500 GB of compromised data. MGF Sourcing has not commented on the breach yet.
BlackBasta has ramped up its activity over the past year, in line with a trend seen across the board in the ransomware sphere. All major and up-and-coming ransomware organizations have increased their activity over the past 12 months.
There’s no clear explanation as to why, but there are some speculations. One of them refers to the victims being more willing to pay the ransom due to the hackers’ proficiency. More successful breaches result in more leaked data.
This, in turn, results in bigger ransoms being paid more often. It’s not difficult to see why the ransomware sphere is blooming at the moment.
When it comes to BlackBasta, the organization has been fairly active since its inception. The hackers have also targeted high-profile institutions and sometimes demanded exorbitant ransoms. There are no clear figures on the payment rate.
BlackBasta advertises itself as a RaaS (Ransomware-as-a-Service), which means that it relies on affiliates to do the work. The affiliates conduct the operations using the BlackBasta malware and get paid most of the earnings.
The gang itself only gets a percentage fee (typically 10-30%, depending on the case).
BlackBasta isn’t necessarily any more innovative and dangerous than other high-end ransomware gangs. But it’s worth mentioning that the organization is the successor of Conti, which was once considered the most prolific and dangerous gang in the world.
During its lifespan, Conti had produced more than 1,000 high-profile victims around the world and got in excess of $150 million in ransom payments. Conti died out in 2022, shortly after announcing their support for Russia after Putin decided to invade Ukraine.
Because of that, Conti’s victims refused to pay any more ransoms. Not because of ideological reasons but rather legal and financial ones. Conti was known to be of Russian origin, and paying ransoms to Russian gangs could stain the victims’ reputation.
So, Conti had no choice but to burn its identity. BlackBasta is just one of several ransomware gangs that are said to be Conti’s successors. In reality, Conti spread out its assets, manpower, and tools across several ransomware actors.
This is how ransomware gangs go out: they repurpose themselves and reorganize their resources. They never die out completely.
When it comes to dealing with BlackBasta, Conti’s story of decline provides us with a very compelling hint: don’t pay the ransom. If nobody ever paid a ransom, ransomware gangs would cease to exist.