BlackByte Ransomware Group Have An Update

The BlackByte ransomware gang has returned to criminal operations with a new 2.0 version, which comes with a new data leak site and new extortion tactics borrowed from LockBit.

After a brief disappearance, the ransomware operation is now promoting its new data leak site on hacker forums and through Twitter accounts controlled by the threat actor.

The hackers are referring to their new operation as BlackByte version 2.0. While it is not clear whether the ransomware encryptor has changed as well, the gang has launched a brand new data leak site hosted on the Dark Web and accessible using the anonymous Tor browser.

Like other ransomware operations, BlackByte encrypts its victims' files. After that, victims typically receive a ransom note on their computer screen stating that they must pay a ransom to have their files decrypted. Right now, the data leak site lists only one victim, but BlackByte has a new extortion 'rate card'. Victims can pay to delay the publication of their data by 24 hours ($5,000), to download the data ($200,000), or to have all the data destroyed ($300,000).

The goal of these new extortion techniques is to allow the victim to pay to have their data removed, and to allow other threat actors to purchase it if they wish. LockBit introduced the same extortion tactics with the release of its 3.0 version.

However, researchers at threat intelligence firm KELA discovered a flaw in BlackByte's implementation. BlackByte's data leak site does not correctly embed the Bitcoin and Monero addresses that victims must use to purchase or delete the data, which currently renders these new features inoperable.

BlackByte's ransomware operation launched in the summer of 2021, when the gang began breaching corporate networks to steal data and encrypt devices. Their highest-profile attack was against a US NFL football team. A joint advisory from the FBI and US Secret Service says they were also responsible for attacks on critical infrastructure sectors, including government facilities, financial, and food & agriculture.

BlackByte is known to breach networks by identifying and exploiting vulnerabilities, and has in the past attacked Microsoft Exchange servers using the ProxyShell attack chain. In 2021, a flaw in the ransomware was found that allowed a free BlackByte decryptor to be created. Unfortunately, after the weakness was reported, the threat actors fixed the flaw.

Sources: CISA, Heimdal Security, Unit42 / Palo Alto, Bleeping Computer, Data Breaches, KELA
