BlackByte Ransomware Group Have An Update

Uploaded on 2022-08-23 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

BlackByte ransomware hackers are returning to criminal operations with a new 2.0 version that comes with a new data leak site using new extortion tactics that they borrowed from LockBit. 

After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. 

The hackers are referring to their new operation as BlackByte version 2.0. and while it is not clear if the ransomware encryptor has changed as well, the gang has launched a brand new data leak site to be found on the Dark Web, accessible using the anonymous Tor browser.

Like other ransomware specialists, BlackByte targets its victim’s files by applying encryption to them. After that, BlackByte victims typically receive a ransom note on their computer screen, which says that they have to pay a ransom in order to have their files decrypted. Right now, the data leak site includes only one victim, but Blackbyte have a new extortion 'ratecard'. Victims can pay to extend the publishing of their data by 24 hours ($5,000), download the data ($200,000), or destroy all the data ($300,000).

The goal of these new extortion techniques is to allow the victim to pay to remove their data and for other threat actors to purchase it if they wish. LockBit introduced these same extortion tactics with the release of their 3.0 version. 

However, there is a flaw in the BlackBytes implementation discovered by researchers at threat intelligence firm KELA. BlackByte's  data leak site is not correctly embedding the Bitcoin and Monero addresses that victims must use to purchase or delete the data, rendering these new features currently inoperable.

BlackByte's ransomware operation launched in the summer of 2021 when they began hacking corporate networks to steal data and encrypt devices. Their highest-profile attack was against a US NFL football team. A joint advisory from the FBI and US Secret Service says they were also responsible for attacks on critical infrastructure sectors, including government facilities, financial, and food & agriculture.

BlackByte are known to breach networks by identifying and exploiting vulnerabilities and have in the past attacked Microsoft Exchange servers using the ProxyShell attack chain.  In 2021, a flaw in the operation was found that allowed a free BlackByte decryptor, to be created. Unfortunately, after the weakness was reported, the threat actors fixed the flaw.

CISA:    Heimdal Security:      Unit42 / Palo Alto:        Bleeping Computer:      Data Breaches:       KELA

 Cybersecurity News:   

You Might Also Read: 

CISA & ACSC Name 2021’s Top Malware:
 

 

« Technology To Combat Human Trafficking
Xiaomi Phone Bug Enables Theft »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Wavestone

Wavestone

Wavestone is a strategy and technology consulting company with areas of expertise including digital transformation and cybersecurity.

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

CYQUEO

CYQUEO

CYQUEO is your professional partner and system integrator. We secure your organization against advanced cyber threats.

Pluribus One

Pluribus One

Pluribus One develops customized solutions and other data-driven applications to secure your business and your devices.

Seekurity

Seekurity

Seekurity is an information security consulting firm specialized in all areas of Cyber Security including Penetration Testing, Vulnerability Assessments and Risk Management.

Slovenska Akreditacija (SA)

Slovenska Akreditacija (SA)

Slovenska Akreditacija (Slovenia Accreditation) is the national standards accreditation body for Slovenia.

Cloudrise

Cloudrise

Cloudrise are elevating cloud security, data protection, and privacy through assessment, technology enablement, and process automation.

Resistant AI

Resistant AI

Resistant AI protects against evolving online fraud. We connect the dots to provide a new layer of trust and performance for our clients’ systems.

QNu Labs

QNu Labs

QNu Labs’s quantum-safe cryptography products and solutions assure unconditional security of critical data on the internet and cloud across all industry verticals, globally.

IPKeys Technologies

IPKeys Technologies

IPKeys delivers innovative cybersecurity and technology solutions focused on helping the federal government reduce risk and protect the US from cyberattacks.

HolistiCyber

HolistiCyber

HolistiCyber provide state-of-the art consulting, services, and solutions to help proactively and holistically defend against a new era of constantly evolving cyber threats.

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

Alpha Omega Integration

Alpha Omega Integration

Alpha Omega creates new possibilities through intelligent end-to-end mission-focused government IT solutions.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

SpectrumWise

SpectrumWise

SpectrumWise is a business technology specialist that provides Managed Services and Managed Security for small and medium IT Networks.