A new ransomware operation known as Tramp follows the same attack pattern as the notorious Black Basta group, prompting security researchers to investigate whether it is a direct successor that adopted its methods or an independent group or individual.

Black Basta affiliates are known to exploit vulnerabilities and abuse valid credentials to gain initial access to victim networks. The near-identical methods used by Tramp point to the possibility of shared infrastructure or personnel.

Records also show a connection between Tramp and LockBit 2.0 and 3.0, with his activity in 2022 tied to at least 28 LockBit-related virtual machines.

His role in ransomware dates even further back, with a consistent use of the highly insecure password “123123” for file protection, a pattern observed across multiple ransomware groups, including REvil and Conti.

In 2021, Tramp was involved in a dispute within REvil’s affiliate program, where he lost access to the ransomware negotiation platform and sought arbitration on a well-known cybercriminal forum. Using the handle washingt0n32, he claimed to have “more than 10 years” of experience in penetration testing, indicating that his involvement in cybercrime extends beyond ransomware into broader hacking activities.

Leaked Black Basta Chat Logs Hint at Tramp’s Origins

Evidence linking Tramp to Black Basta comes from leaked internal conversations between Black Basta affiliates, shared on X by PRODAFT, a cyber threat intelligence company that specializes in proactive cybersecurity solutions.

The chat logs reveal internal disputes over ransom pricing and attack strategy, with one member stating: “We need to standardize ransom percentages. Custom pricing is leading to too many inconsistencies.”

The leak also confirmed Black Basta’s move toward more advanced encryption tools and targeted attacks, which researchers believe may have contributed to the development of Tramp.

With Tramp’s operational model aligning so closely with Black Basta’s, analysts are investigating whether former members of the now-diminished group have resurfaced under a new identity.

🔍 As part of our continuous monitoring, we’ve observed that BLACKBASTA (Vengeful Mantis) has been mostly inactive since the start of the year due to internal conflicts. Some of its operators scammed victims by collecting ransom payments without providing functional decryptors.…

— PRODAFT (@PRODAFT) February 20, 2025

Tramp’s Connection to REvil and the Evolution of Ransomware Operations

The rise of Tramp follows a pattern seen repeatedly in ransomware operations, where one group disappears only for another to take its place using near-identical tactics. Before Black Basta, the dominant force in ransomware was REvil, whose large-scale attacks

ransomware group

According to an unnamed source, with

The same source also told LeMagIT that Tramp is backed by Russian intelligence services, noting that “he has the best protection in Russia. He has friends in the security services. He even pays the FSB and the GRU,” and that “no one has that kind of money or that level of security.”

Their investigation corroborated a substantial body of evidence indicating that Oleg Nefedov is Tramp. According to the report, in addition to washingt0n32, Tramp has also used the pseudonyms P1JA, AA and GG.

Nefedov is said to be turning 35 soon and to originate from Ioshkar-Ola, the capital of the Mari El Republic in Russia. His background includes a strong interest in cryptocurrency, evidenced by his association with an account on BTC-e.com, a now-defunct cryptocurrency exchange that suffered a data breach in 2014.

In 2017 he was associated with BitSoft, a Russian cloud mining company focused on Ethereum, Litecoin and Zcash. His early financial records show modest income from BitSoft, which later gave way to income from another company, Polis, before 2024.

Although his income in those early years was reportedly relatively low, he is said to have maintained a lavish lifestyle, driving a high-end Mercedes G-Class AMG G63 SUV.

Since at least 2022, he is said to have invested in high-end lounges as a global business, spanning Dubai, Abu Dhabi, Baku, Moscow and Bali. He is also said to have founded a charity named Rodina, which means “homeland” in Russian.

The emergence of Tramp shows how ransomware groups continually adapt, adopting attack methods that have already proven effective.

As cybersecurity firms work to link Tramp to Black Basta or to another ransomware group, its emergence represents the continued evolution of organized cybercrime.