Black Basta, Offshoot Of Russia's Conti, Earns More Than IDR 1.5 Trillion In A Year

JAKARTA - A report published on Wednesday, November 29 revealed that a cyber extortion group suspected to be an offshoot of the Russian Conti hacking group has raised more than 100 million US dollars (Rp 1.5 trillion) since it emerged last year.

Digital currency tracking service Elliptic and insurance company Corvus said in a joint report that the ransom-seeking cybercriminal group known as "Black Basta" had extorted at least 107 million US dollars (Rp1.6 trillion) in bitcoin, with most of the laundered ransom payments flowing into the sanctioned Russian crypto exchange Garantex.

Attempts to contact Black Basta via its dark web site were unsuccessful. Garantex, which was sanctioned by the US Treasury Department in April last year, did not immediately respond to messages.

Elliptic cofounder Tom Robinson said the size of the haul made Black Basta "one of the most profitable types of ransomware of all time." He said researchers reached the figure by identifying ransom payments known to be linked to the group and tracing how the digital currency was laundered, which revealed additional payments.

Robinson said the tracing also revealed the transfer of several million dollars from a crypto wallet linked to Conti, a ransomware group that is no longer operating, to Black Basta, which he said provided "significant new evidence" that the latter was an offshoot of the former.

Conti used to be one of the most successful ransomware groups, a type of group that extorts victims by encrypting their data and demanding money to unlock it, by threatening to publish stolen information on the web, or both.

The Russia-based group took down its leak site after the Kremlin's full-scale invasion of Ukraine in early 2022 and a US reward offer targeting its leadership that year, but researchers have long suspected that the group was only reorganizing and rebranding.

"Conti is probably the most successful ransomware group we've ever seen," Robinson said. Recent findings suggest that "some of the individuals responsible are replicating their success with the Black Basta ransomware."