In our previous analysis of Black Basta, a large ransomware group whose victims have paid over $100 million since early 2022, we found unique patterns in their crypto transactions, which enabled us to identify a large number of their Bitcoin ransom payments.
On 11 February 2025, Black Basta chat logs were leaked, exposing data that included cryptocurrency addresses used by Black Basta members and other external actors in the ransomware ecosystem. In fact, certain funds at the leaked addresses can be traced back to the Black Basta ransom payments we had previously identified. The leaks gave us a picture of how ransom proceeds were subsequently spent to finance the operation.
Crying ecosystem: Ransomware enablers and pattern analysis
The leak offers a deeper understanding of the ransomware group's operational and financial practices and of its ransomware ecosystem, including patterns that can be analyzed to detect other related transactions.
The payments identified in the leak range from infrastructure costs and internal salaries or commission payments to affiliate revenue. For affiliates, profit shares vary, ranging from 15% to 80% of the ransom paid, depending on their level of involvement in a particular campaign. Affiliates who only provided initial access to the targets, following the instructions of the Black Basta operators and with all costs covered by the ransomware group, received the smallest share.
In contrast, affiliates who identified the targets independently, acquired access, provided information on the company's revenue and arranged the ransom received 80% of the ransom. Attributing service providers is particularly effective, because attributions remain relevant even when ransomware groups rebrand or affiliates move between different operations.
Furthermore, the leaked chats reveal insights into money laundering strategies, which include the conversion of Bitcoin to Monero, and subsequently on to the CROON network, using coins or Russian currency exchangers. The discussions also mention the use of mixers, followed by bridges, to lower risk exposure and obscure the origin of funds, tactics often used by other organized criminal groups.
Together, these profit-sharing schemes and laundering techniques exhibit identifiable patterns, which can be used to detect additional addresses.
What's next: Integrating insights into Elliptic products
Findings from the leaks provide valuable insights into how cryptocurrency wallets are used to facilitate payments in the ransomware ecosystem. These insights can help disrupt ransomware operations through two primary use cases.
First, virtual asset service providers can use transaction screening, such as Elliptic Navigator, to check customer deposits for links to ransomware wallets, allowing them to intervene.
Second, law enforcement agencies may use blockchain forensic solutions such as Elliptic Investigator to trace the movement of funds, identify those behind transactions and support potential asset seizures. In addition, government agencies that ingest Elliptic's blockchain intelligence directly can use the clearer behavioral patterns embedded in the data to strengthen detection capabilities and expand their models. With richer, more structured insights as the foundation, investigative teams can build on known typologies to surface region- or mission-specific risks and accelerate investigations.
Collectively, these actions work to disrupt the criminal networks that enable ransomware operations.