Life Story of a Well-Connected Ransomware Hacker
Analyst1's Chief Security Strategist Jon DiMaggio on Ransomware Affiliate Hacking

A ransomware affiliate hacker known as "Bassterlord" has been involved with REvil, LockBit, Avaddon and Ransomware X. Jon DiMaggio, chief security strategist at Analyst1, convinced Bassterlord to talk about his hacking career in chats that may - or may not - amount to an exit interview from the Russian-speaking cybercriminal scene.
"At the end of the day, crime doesn't pay," DiMaggio said. "This guy has got all these issues - health and mental issues. He's on antidepressants. He has panic attacks. He's constantly looking over his shoulder."
DiMaggio adopts fake personae to infiltrate the online worlds inhabited by ransomware hackers, such as LockBit. He made contact with Bassterlord after specifically seeking out affiliate hackers.
"I wanted to focus on an affiliate because affiliates are the ones that work with ransomware groups," DiMaggio said. Bassterlord, it turns out, lives in a Russian-controlled area of Ukraine and earned money not only by hacking but also by training new cybercriminals.
In this video interview with Information Security Media Group at RSA Conference 2023, DiMaggio also discusses:
- Why Bassterlord's claim that he earned $1 million through ransomware hacking is probably an understatement;
- Why Bassterlord's immediate future looks bleak;
- Why you can't trust ransomware groups' claims that they'll delete data after payment.
DiMaggio has more than 15 years of experience hunting, researching and writing about advanced cyberthreats. As a specialist in enterprise ransomware attacks and nation-state intrusions, he went undercover to infiltrate one of the world's most notorious ransomware gangs, LockBit, and exposed the criminal cartels behind major ransomware attacks.