A year ago a new ransomware group hit the internet. They hit large corporations and banking institutions.
About a week ago I was asked to help a company track down some fraudulent charges on their bank account via printed checks with company account number and other information.
Long story short, I found out the bank had lied to its customers in a web security news release back in 2022: it stated it was a network breach and never mentioned that the customer data had been copied and would be released online if the bank did not pay the ransom.
The data is on the Dark Web and is still after a year being downloaded daily.
So what did I find?
Let’s begin with the Notice of a Cybersecurity incident posted via the New Peoples Bank back in June 2022: https://www.newpeoples.bank/ContentDocumentHandler.ashx?documentId=74504
One part stood out to me: “we have been working around-the-clock to quickly and safely restore our systems from backups and resume normal operations.” Hmm, sounds like a ransomware attack.
The next step was to find information on who may have been responsible for the attack, and that did not take long to find. A quick Google search led me here: https://www.redpacketsecurity.com/black-basta-ransomware-victim-new-peoples-bank/
Another quick Google search led me to more information about the group: https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-blackbasta
The image below shows what I found on the Dark Web:
Digging a little deeper led me to the leaked data, and as you can see by the size of the files, this had to have taken some time to copy from the NPB server to the Black Basta server.
I noticed that the leaked data has been accessed almost 10,000 times since it was uploaded.
I decided to dig a little deeper into the ransomware and was able to find a copy of the ransomware code and began looking at it. All I can say is: very interesting. Check out this deep dive into the Black Basta ransomware: https://securityscorecard.com/research/a-deep-dive-into-black-basta-ransomware/
Let’s see what else we can find:
As you can see from the images below, they are still getting hit by leaked information.
I’m not finished, but until next time.
-jT @majorjoker