BlackByte Ransomware Group Have An Update

BlackByte ransomware hackers are returning to criminal operations with a new 2.0 version that comes with a new data leak site using new extortion tactics that they borrowed from LockBit. 

After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. 

The hackers are referring to their new operation as BlackByte version 2.0, and while it is not clear whether the ransomware encryptor has changed as well, the gang has launched a brand new data leak site on the Dark Web, accessible using the anonymous Tor browser.

Like other ransomware specialists, BlackByte targets its victims' files by applying encryption to them. After that, BlackByte victims typically receive a ransom note on their computer screen, which says that they have to pay a ransom in order to have their files decrypted. Right now, the data leak site includes only one victim, but BlackByte have a new extortion 'ratecard'. Victims can pay to extend the publishing of their data by 24 hours ($5,000), download the data ($200,000), or destroy all the data ($300,000).

The goal of these new extortion techniques is to allow the victim to pay to remove their data and for other threat actors to purchase it if they wish. LockBit introduced these same extortion tactics with the release of their 3.0 version. 

However, there is a flaw in BlackByte's implementation, discovered by researchers at threat intelligence firm KELA. BlackByte's data leak site is not correctly embedding the Bitcoin and Monero addresses that victims must use to purchase or delete the data, rendering these new features currently inoperable.

BlackByte's ransomware operation launched in the summer of 2021 when they began hacking corporate networks to steal data and encrypt devices. Their highest-profile attack was against a US NFL football team. A joint advisory from the FBI and US Secret Service says they were also responsible for attacks on critical infrastructure sectors, including government facilities, financial, and food & agriculture.

BlackByte are known to breach networks by identifying and exploiting vulnerabilities and have in the past attacked Microsoft Exchange servers using the ProxyShell attack chain. In 2021, a flaw in the operation was found that allowed a free BlackByte decryptor to be created. Unfortunately, after the weakness was reported, the threat actors fixed the flaw.

CISA | Heimdal Security | Unit42 / Palo Alto | Bleeping Computer | Data Breaches | KELA | Cybersecurity News
