Preface
Would you want to talk with a ransomware hacker who partnered with some of the world’s most notorious ransomware gangs? Well, that is exactly what I set out to do after writing the previous edition of the Ransomware Diaries, and let me tell you, this story won’t leave you disappointed.
Instead, you will learn about a man who entered organized crime at a young age and was groomed and mentored by an important, well-connected figure within the ransomware community.
The story I will tell you has a lot of twists — some of which may be upsetting, and others that will help you understand the person behind the crimes. More importantly, it will provide insight into the profile of the type of person you may chase across your organization’s networks, or worse, communicate with as you negotiate an extortion payment after a ransomware attack.
You may wonder how I could have gained the trust of a criminal and convinced someone to share their story and reveal personal details about their life of crime.
After I published the Ransomware Diaries on January 16, 2023, a lot changed in my life. I had just revealed my identity to some of the worst criminals in the world. More importantly, they knew I betrayed them and used the relationship to produce intelligence that could be leveraged against them. It was a bit overwhelming, and I expected anger and threats. Instead, I got interview requests! It’s certainly not how I thought things would turn out, but I found myself in a position to capture a side of ransomware rarely seen by most of us: The human side.
The story I will tell you is not mine, but it is the account of a man who was once no different than you or me. Unfortunately, poor decisions and hardships in his life pushed him to a dark place, from which he never returned.
This is Bassterslord’s story.
Insights
Below is a list of insights I learned while conducting research into Bassterlord. However, the fascinating aspect of this story evolved from the content shared in the “Interview” section of this report. There, in the interview, I really began to see the events and triggers that changed Bassterlord as a person, which llowed me to understand how he became the criminal he is today. In conjunction with ransomware attacks and direct connections with high-level ransomware criminals, this back story detailed in our interview will reveal the real impact of Bassterlord’s story.
Here are some important details I learned about Bassterlord:
• Bassterlord is a ransomware affiliate who runs his team, known as the National Hazard Agency. Originally, he was a junior. team member, but as time progressed, he moved up the ranks and is now its leader.
• Bassterlord partnered with at least four ransomware gangs: REvil, RansomEXX, Avadon and LockBit.
• Bassterlord is a Caucasian male around 27 years old, born, raised, and living in Lugansk, Ukraine. He operates on Russian underground forums under the monikers “Fisheye,” “Bassterlord,” “Buster,” and “National Hazard Agency,” which is also the name of his team.
• Lalartu (AKA Sheriff), a known persona in ransomware since 2019 who played a role in gangs such as GandCrab, REvil, Conti, and others, mentored Basstorlord and taught him how to conduct ransomware attacks. Lalartu also introduced and vouched for Bassterlord’s admittance into the REvil ransomware gang.
• Bassterlord authored two training manuals — one which he distributed for free on Russian hacking forums, and the other which he sold for $10k per copy. Bassterlord also directly trained other hackers, teaching them how to conduct ransomware attacks.
• Prodaft, a cyber security company, obtained Bassterlord’s manual and is allegedly trying to dox Bassterlord and reveal his true identity.
• Bassterlord is also an “access broker,” selling access into compromised victim environments in addition to his ransomware operation.
• Bassterlord is behind several high-profile attacks against organizations such as Uruguayan Navy, India’s Department of Revenue, and was associated with the attack against Maximum Industries, a contractor of SpaceX, amongst several others.
Download & read the complete report below 👇👇👇
