From infostealer to ransomware

Infostealers are malware programs designed to scrape login information stored in browser password stores and other applications. These threats are increasingly offered as a service on cybercriminal forums, and according to a recent study their prevalence has tripled over the past year. The information stolen by such tools, known as infostealer logs, has increased by 50% on the dark web over the same period.

KELA researchers highlight one example where such information enabled Black Basta attackers to compromise a Brazilian software and tech support company. The company was compromised around Oct. 18, 2023, using RDweb (Remote Desktop Web Access) login credentials that had first appeared in infostealer logs in March 2023. Evidence from the Black Basta logs shows the attackers sharing additional hashed credential dumps taken from the company, suggesting they were engaged in lateral movement. The credentials sat in the infostealer dump for roughly six months before the attackers put them to use as initial access; once they did, it took only two days to compromise the company, exfiltrate data for extortion, and deploy the ransomware.

What is scarier is that the same infostealer log that contained the initial-access credentials also contained 50 other credentials, some of which appear to belong to clients of the Brazilian software company. The KELA researchers conclude that the data was likely stolen by compromising the machine of a technical support employee.

"This structured approach, from initial access to data theft and public extortion, showcases Black Basta's strategic use of compromised credentials, internal reconnaissance, and victim profiling to maximize the impact of their ransomware campaigns," the researchers wrote.

See also:
5 things to know about ransomware threats in 2025
Ransomware gangs extort victims 17 hours after intrusion on average
Emerging ransomware groups on the rise: Who they are, how they operate
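The KELA case above turns on two properties of an infostealer log: a credential for a remote-access portal (RDweb) that stayed valid for months, and dozens of other credentials in the same dump pointing at the victim's clients. The defender-side counterpart is to triage any stealer dump that mentions your organisation the same way an intruder would. The script below is an added example, not code from the CSO Online or KELA article. It assumes the common three-field URL:login:password layout of stealer "passwords.txt" output (real stealer families vary), uses a constructed, invented sample log, and treats the domain in OWN_DOMAINS and the REMOTE_ACCESS_MARKERS list as placeholders an organisation would replace with its own.

```python
"""Triage of an infostealer credential dump against an organisation's assets.

Added example (not from the article). Assumes stealer output in the common
"URL:login:password" form, one credential per line; the sample below is
constructed and every hostname, user and password in it is invented.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of stealer output. Nothing here is real.
SAMPLE_LOG = """\
https://rdweb.example-support.com.br/RDWeb/Pages/en-US/login.aspx:jsilva@example-support.com.br:Winter2023!
https://mail.example-support.com.br/owa/:jsilva@example-support.com.br:Winter2023!
https://portal.client-one.example/login:support@example-support.com.br:Cl1entP0rtal
https://vpn.client-two.example/remote/login:jsilva@example-support.com.br:Vpn#4422
https://www.netflix.com/login:jsilva.personal@gmail.example:notrelevant
not a valid line
"""

# Assumption: the organisation's own registrable domains.
OWN_DOMAINS = {"example-support.com.br"}

# Assumption: URL fragments that mark remote-access portals (RDweb, OWA,
# SSL-VPN login pages). Extend for the products actually in use.
REMOTE_ACCESS_MARKERS = ("/rdweb/", "/owa/", "/remote/", "vpn.")


def parse_stealer_lines(text):
    """Yield (url, login, password) tuples from URL:login:password lines.

    The URL contains ':' itself, so split from the right at most twice.
    A password containing ':' would still be mis-split; that ambiguity is
    inherent to the format, so malformed results are dropped rather than
    guessed at.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.rsplit(":", 2)
        if len(parts) != 3 or not parts[0].startswith(("http://", "https://")):
            continue  # not a credential line
        yield parts[0], parts[1], parts[2]


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def _owned(host, own_domains):
    return any(host == d or host.endswith("." + d) for d in own_domains)


def _is_remote_access(url):
    u = url.lower()
    return any(marker in u for marker in REMOTE_ACCESS_MARKERS)


def triage(text, own_domains=OWN_DOMAINS):
    """Bucket each credential by what it would give an attacker:

    own_remote_access              - initial-access candidates (RDweb, OWA, VPN)
    own_other                      - other company assets
    third_party_with_corp_identity - client/partner systems reached with a
                                     corporate login (the 'victim profiling'
                                     material in the KELA case)
    unrelated                      - the employee's personal accounts
    """
    report = {
        "own_remote_access": [],
        "own_other": [],
        "third_party_with_corp_identity": [],
        "unrelated": [],
    }
    for url, login, _password in parse_stealer_lines(text):
        host = _host(url)
        corp_login = any(login.lower().endswith("@" + d) for d in own_domains)
        if _owned(host, own_domains):
            bucket = "own_remote_access" if _is_remote_access(url) else "own_other"
        elif corp_login:
            bucket = "third_party_with_corp_identity"
        else:
            bucket = "unrelated"
        report[bucket].append((host, login))
    return report


def reused_passwords(text):
    """Map (login, password) pairs to the hosts they unlock, keeping only
    pairs seen on more than one host: one stealer hit then yields several
    footholds, and rotating the portal password alone is not enough."""
    by_pair = defaultdict(set)
    for url, login, password in parse_stealer_lines(text):
        by_pair[(login.lower(), password)].add(_host(url))
    return {pair: sorted(hosts) for pair, hosts in by_pair.items() if len(hosts) > 1}


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(bucket)
        for host, login in entries:
            print("   ", host, login)
    print("password reuse across hosts:", reused_passwords(SAMPLE_LOG))
```

Run against a real dump, the own_remote_access bucket is the list of credentials to revoke first and to hunt for in RDweb and VPN authentication logs, and the third_party bucket is the list of clients to notify; the reuse map shows which resets must cover more than one system.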
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3836040/ransomware-access-playbook-what-black-bastas-leaked-logs-reveal.html