A joint research effort by Corvus Insurance and blockchain analytics vendor Elliptic has revealed that the Black Basta ransomware gang has generated over $100 million in revenue since April 2022. This group, believed to be a spin-off of the Conti group [1], poses a significant threat and has targeted more than 300 victims.


By analyzing payments made to their known cryptocurrency wallet addresses [1], it is estimated that Black Basta has collected at least $107 million in criminal proceeds. Out of the 300+ victims targeted [1], at least 90 have paid the ransom demands [1]. The largest ransom received by the group was $9 million, with 18 others exceeding $1 million [1]. It is important to note that these figures may be conservative [1] [3], as there may be additional ransom payments that have not been identified yet [1] [3]. Some of these payments may also be related to Conti ransomware attacks due to the overlap between the two groups [1].

In light of these findings, Corvus Insurance recommends that enterprises prioritize certain security measures to mitigate the risk of falling victim to ransomware attacks. These measures include implementing robust email protection and endpoint detection and response (EDR) systems, utilizing multifactor authentication (MFA) [2] for remote access and administrative accounts, and ensuring that all systems and software are kept up-to-date with the latest security patches. By taking these proactive steps, organizations can significantly enhance their defenses against ransomware groups like Black Basta, who employ complex techniques to evade law enforcement and launder their ill-gotten gains.


The revenue generated by the Black Basta ransomware gang highlights the urgent need for organizations to strengthen their cybersecurity defenses. Implementing the recommended security measures, such as robust email protection, EDR systems, MFA, and regular software updates, can help mitigate the risk of falling victim to ransomware attacks. It is crucial for enterprises to stay vigilant and proactive in the face of evolving threats posed by groups like Black Basta, who continue to exploit vulnerabilities and evade law enforcement. By prioritizing cybersecurity, organizations can protect themselves and their valuable assets from the devastating impacts of ransomware attacks.


[1] https://ciso2ciso.com/black-basta-ransomware-operation-nets-over-100m-from-victims-in-less-than-two-years-source-go-theregister-com/
[2] https://www.corvusinsurance.com/blog/black-basta-ransomware-has-extracted-over-100-million-from-its-victims
[3] https://www.infosecurity-magazine.com/news/black-basta-ransomware-group-100/