The BlackBasta Ransomware gang has been causing havoc across a spectrum of organizations, targeting nearly 500 entities from April 2022 to May 2024, as per a report jointly released by the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
The group, notorious for its ransomware-as-a-service approach, has struck approximately 16 critical infrastructure organizations in the United States alone. Mainly focusing on healthcare-related entities in Australia, Europe, and North America, BlackBasta’s victim roster includes prominent names like Rheinmetall of Germany, Hyundai’s European Division, Capita, ABB, the Toronto Public Library, the American Dental Association, Sobeys, Yellow Pages Canada, and many others.
Meanwhile, a separate report titled “State of the Ransomware 2024,” issued by Sophos, reveals a staggering 500% increase in the average ransom payment made by victims in 2023. Ranging from a minimum of $2 million to as high as $400,000, these payments indicate a concerning trend. Small criminal groups deploying malware are now demanding at least $1 million, with 30% of demands in 2023 falling between $3 million and $5 million.
The question arises: are these gangs making substantial profits? While the numbers may suggest so, the success rate is relatively low, with only 2% to 4% of targeted organizations succumbing to the demands. Many either evade the attack or refuse to comply.
Sophos’ survey underscores another alarming trend: hackers are infecting backup copies and data continuity systems, leaving victims with limited options beyond paying in cryptocurrency. Despite proactive measures like threat monitoring solutions, no data storage is immune to ransomware attacks.
Moreover, paying the ransom doesn’t guarantee a decryption key, nor does it ensure that hackers won’t sell or leak stolen data on the dark web—a tactic known as double extortion. Change Healthcare’s ordeal serves as a stark example: despite shelling out $22 million in cryptocurrency to the ALPHV, or BlackCat, ransomware group in March 2024, the company now faces another threat from RansomHub, which is demanding an additional $15 million to prevent the sale of stolen data on the dark web.