Events , Fraud Management & Cybercrime , Ransomware

Life Story of a Well-Connected Ransomware Hacker

Analyst1's Chief Security Strategist Jon DiMaggio on Ransomware Affiliate Hacking
Jon DiMaggio, chief security strategist, Analyst1

A ransomware affiliate hacker known as "Bassterlord" has been involved with REvil, LockBit, Avaddon and Ransomware X. Jon DiMaggio, chief security strategist at Analyst1, convinced Bassterlord to talk about his hacking career in chats that may - or may not - amount to an exit interview from the Russian-speaking cybercriminal scene.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

"At the end of the day, crime doesn't pay," DiMaggio said. "This guy has got all these issues - health and mental issues. He's on antidepressants. He has panic attacks. He's constantly looking over his shoulder."

DiMaggio adopts fake personae to infiltrate the online worlds inhabited by ransomware hackers, such as LockBit. He made contact with Bassterlord after specifically looking for affiliate hackers to make contact with.

"I wanted to focus on an affiliate because affiliates are the ones that work with ransomware groups," Di Maggio said. Bassterlord, it turns out, lives in a Russian-controlled area of Ukraine and earned money not only by hacking but also by training new cybercriminals.

In this video interview with Information Security Media Group at RSA Conference 2023, DiMaggio also discusses:

  • Why his claim that he earned $1 million through ransomware hacking is probably an understatement;
  • Why Bassterlord's immediate future looks bleak;
  • Why you can't trust ransomware groups' claims that they'll delete data after payment.

DiMaggio has more than 15 years of experience hunting, researching and writing about advanced cyberthreats. As a specialist in enterprise ransomware attacks and nation-state intrusions, he went undercover to infiltrate one of the world's most notorious ransomware gangs, LockBit, and exposed the criminal cartels behind major ransomware attacks.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.