Join Intel 471 for our webinar “Decoding the Ransomware Playbook: Threat Hunting Opportunities to Thwart Bassterlord’s Techniques” to discover how your teams can use intelligence-driven threat hunting to identify and stop top-tier ransomware threats early in the attack lifecycle — before adversaries deploy ransomware or exfiltrate data.
The prominent LockBit affiliate Bassterrlord’s release of three intrusion manuals between 2021 and early 2024 provided budding cybercriminals a how-to guide for assembling and operating the resources to gain access to organizations and conduct ransomware attacks. Prior to the U.S. indictment and unmasking of Bassterlord in February 2024, Intel 471 obtained secret and unredacted versions of the manuals for its in-depth CTI analysis.
While LockBit activity has subsided, many of the techniques described in the Bassterlord manuals remain in use today and were widely adopted by high profile ransomware-as-a-service (RaaS) programs, including LockBit, ALPHV, Black Basta, Akira, Play, REvil and others. These groups and their methods continue to pose a significant threat to businesses in the retail and hospitality sectors, and all critical sectors where data can be leveraged for extortion.
Join Intel 471 Senior Intel Analyst, Carlos Borges, and Intel 471 Senior Threat Hunt Analyst, Scott Poley, at 12pm EST on Tuesday, February 25, 2025 to explore insights into cybercriminal behaviors from an adversary who operated in major RaaS programs and learned from experienced actors. You’ll learn how to identify threat hunting opportunities using tactics, techniques, and procedures (TTPs) observed in ransomware attacks and how to evaluate the adversary’s intentions, capabilities, and objectives throughout the attack chain to build effective behavioral threat hunts and improve visibility across your environment.
