BlackBasta Log 2
5/26/2026, 9:35:58 AM
VictimInvalid Date
Our managers just told me they are meeting about this situation and how to pay you. They are asking if you can give us a list of the data you took. Can you please give a list of the files you downloaded?
BlackBastaInvalid Date
Sure, wait please.
BlackBastaInvalid Date
Download file: [redacted].zip
BlackBastaInvalid Date
This is the full list of your taken data. You can choose any 3 file names from list and I will send them to you, like a proof. But these files must not contain the important information.
VictimInvalid Date
Thank you very much!
BlackBastaInvalid Date
We wait your files.
VictimInvalid Date
Here are the three files:
VictimInvalid Date
Company/_SALES AND MARKETING/1_Client Services/1_Account Management/[redacted]/2020/[redacted] Data Transfer Agreement [redacted] - signed.pdf HR/Employee Files/Current Employees/[redacted]/[redacted] SIGNED.pdf Company/_SALES AND MARKETING/1_Client Services/Contracts/[redacted] Contract/[redacted] partner agreement.pdf
BlackBastaInvalid Date
OK, wait please.
BlackBastaInvalid Date
Download file: [redacted].zip
BlackBastaInvalid Date
These are your requested files.
VictimInvalid Date
Thank you. I will give these files to my manager.
BlackBastaInvalid Date
We'll be in touch.
VictimInvalid Date
They asked me today if you will give us some kind of proof when you delete the files? Also, they asked what is the method to pay you? Is it wire transfer? They will have a meeting tomorrow with the executives, so they are asking these questions. Thank you.
BlackBastaInvalid Date
After deleting files, we will send you a full deletion log. As for the payment, - we accept the payment in cryptocurrency bitcoin.
VictimInvalid Date
Okay, thank you. They have another question about the payment. When you said $700,000, did you mean Canadian dollars? They just want to be sure since our company in in Canada, not in the USA.
BlackBastaInvalid Date
No, we mean US Dollars.
VictimInvalid Date
Okay. Our executives have analyzed everything with the information you provided. They told me to tell you that they can agree to pay $250,000 US dollars within 24 hours if you can accept that amount.
BlackBastaInvalid Date
No, we don't agree. Our price is $700,000 ,but we can give you 20% discount if you pay during 48 hours. If you don't pay for this time, then the price will become initial.
VictimInvalid Date
Hello. Our company leadership has been working to meet your demand. We are now able to pay you $500,000 US dollars, but we have to pay a lot of money for the conversion from Canadian dollars to US dollars. We also checked on how to send the payment and we have to pay a large fee for sending the bitcoin.
VictimInvalid Date
Can you please accept the payment as $500,000 US dollars? That way, we still have some money to pay the fees for conversion and for the bitcoin? Thank you.
VictimInvalid Date
Also, if you accept this, please send us the wallet address for the bitcoin payment. We already have the company to send the payment but they asked us for the bitcoin address. Thank you.
BlackBastaInvalid Date
OK, we agree. After payment: 1. You receive decryptors. 2. Your page will be totally deleted from the blog. 3. ALL your data will be deleted and you will receive the full deletion log. 4. You will get penetration report and recommendations how to avoid such the situations in the future. 5. You receive the guarantee that BB or anyone of our team will not NEVER attack you again. Our BTC wallet: [redacted]
VictimInvalid Date
Okay, thank you! We will work to send the payment quickly today.
BlackBastaInvalid Date
We'll be in touch.
VictimInvalid Date
Hello. We have everything ready to send the payment to you now, but our executives would like to send a small payment first so you can verify that you received it. Then, we can send the rest. They are just nervous about using bitcoin for the first time.
VictimInvalid Date
is it okay to send you the small payment first and then send the rest right after you tell us you received it?
VictimInvalid Date
also, please verify the wallet address again as: [redacted]
BlackBastaInvalid Date
Just a minute
BlackBastaInvalid Date
We confirm this address [redacted]
BlackBastaInvalid Date
We are waiting your test payment
VictimInvalid Date
thank you. will we be able to send the second payment to the same address? I mean both payments will go to the same wallet?
BlackBastaInvalid Date
Yes
VictimInvalid Date
thanks.
VictimInvalid Date
The company doing the payment for us just told me they are sending 0.43 BTC now as the test payment.
VictimInvalid Date
Please confirm when you receive it.
BlackBastaInvalid Date
Confirm 0.43000000 BTC
VictimInvalid Date
thank you.
BlackBastaInvalid Date
Payment received. Your blog was deleted. Now your data is wiping.
BlackBastaInvalid Date
Download file: [redacted].rar
BlackBastaInvalid Date
This is log of deletion all your taken data.
BlackBastaInvalid Date
Security report and recommendation: Your network has been compromised by mailing of messages to the emails with malicious attachments. One of the users launched malware. To avoid this in the future, give you recommendations of network protection: 1. Use sandbox to analyze the contents of letters and their attachments. 2. Use the password security policies 3. Make protection from attack like a Pass-the-Hash and Pass-the-ticket attack 4. Update all OS and software to the latest versions, especially Microsoft Defender Antivirus. 5. Implement the hardware firewalls with filtering policies, modern DLP and IDS, SIEM systems. 6. Block kerberoasting attacks 7. Conduct full penetrations tests and audit 8. Use and update Anti-virus/anti-malware and malicious traffic detection software 9. Configure group policies, disable the default administrators accounts, create new accounts. 10. Backups. You must have offline backups, does not have access to the network.
VictimInvalid Date
thank you for the fast response. when can we get the decryptor?
BlackBastaInvalid Date
Very soon.
BlackBastaInvalid Date
Now is preparing decryption tools.
VictimInvalid Date
thank you
BlackBastaInvalid Date
Download file: [redacted].exe
BlackBastaInvalid Date
How to decrypt windows? 1. Drop executable to any folder. 2. Start new terminal session with administrator rights. (run cmd.exe or powershell.exe with admin rights) 3.1. In cmd.exe type full path to the executable file and press Enter. 3.2. In powershell.exe type: "& c:\full\path\to\executable.exe" without quotes and press Enter. OR 1. Drop file. 2. Click right mouse button on the file and press run as admin. (!) IMPORTANT 1. Yoy can decrypt only 1 folder (test decrypt for example) decrypt.exe -forcepath c:\users\1\Desktop\folder 2. DO NOT CLOSE decryptor yourself OR 1. Drop file. 2. Click right mouse button on the file and press run as admin. (!!!!!!!) IMPORTANT 1. You can decrypt only 1 folder (test decrypt for example) decrypt.exe -forcepath c:\users\1\Desktop\folder 2. DO NOT CLOSE decryptor yourself.
VictimInvalid Date
thank you
VictimInvalid Date
Thank you. the decryption is working on our test files. Is it possible for you to tell us which employee opened the attachment file in the email? either the employee name or the name of the computer? That would help us very much. Thank you again.
Links
No links were attached to this log.