Life Story of a Well-Connected Ransomware Hacker
Analyst1's Chief Security Strategist Jon DiMaggio on Ransomware Affiliate Hacking
A ransomware affiliate hacker known as "Bassterlord" has been involved with REvil, LockBit, Avaddon and Ransomware X. Jon DiMaggio, chief security strategist at Analyst1, convinced Bassterlord to talk about his hacking career in chats that may - or may not - amount to an exit interview from the Russian-speaking cybercriminal scene.
"At the end of the day, crime doesn't pay," DiMaggio said. "This guy has got all these issues - health and mental issues. He's on antidepressants. He has panic attacks. He's constantly looking over his shoulder."
DiMaggio adopts fake personae to infiltrate the online worlds inhabited by ransomware hackers, such as LockBit. He made contact with Bassterlord after specifically seeking out affiliate hackers.
"I wanted to focus on an affiliate because affiliates are the ones that work with ransomware groups," DiMaggio said. Bassterlord, it turns out, lives in a Russian-controlled area of Ukraine and earned money not only by hacking but also by training new cybercriminals.
In this video interview with Information Security Media Group at RSA Conference 2023, DiMaggio also discusses:
- Why Bassterlord's claim that he earned $1 million through ransomware hacking is probably an understatement;
- Why Bassterlord's immediate future looks bleak;
- Why you can't trust ransomware groups' claims that they'll delete data after payment.
DiMaggio has more than 15 years of experience hunting, researching and writing about advanced cyberthreats. As a specialist in enterprise ransomware attacks and nation-state intrusions, he went undercover to infiltrate one of the world's most notorious ransomware gangs, LockBit, and exposed the criminal cartels behind major ransomware attacks.