BlackByte Ransomware Group Have An Update

Uploaded on 2022-08-23 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

BlackByte ransomware hackers are returning to criminal operations with a new 2.0 version that comes with a new data leak site using new extortion tactics that they borrowed from LockBit. 

After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. 

The hackers are referring to their new operation as BlackByte version 2.0. and while it is not clear if the ransomware encryptor has changed as well, the gang has launched a brand new data leak site to be found on the Dark Web, accessible using the anonymous Tor browser.

Like other ransomware specialists, BlackByte targets its victim’s files by applying encryption to them. After that, BlackByte victims typically receive a ransom note on their computer screen, which says that they have to pay a ransom in order to have their files decrypted. Right now, the data leak site includes only one victim, but Blackbyte have a new extortion 'ratecard'. Victims can pay to extend the publishing of their data by 24 hours ($5,000), download the data ($200,000), or destroy all the data ($300,000).

The goal of these new extortion techniques is to allow the victim to pay to remove their data and for other threat actors to purchase it if they wish. LockBit introduced these same extortion tactics with the release of their 3.0 version. 

However, there is a flaw in the BlackBytes implementation discovered by researchers at threat intelligence firm KELA. BlackByte's  data leak site is not correctly embedding the Bitcoin and Monero addresses that victims must use to purchase or delete the data, rendering these new features currently inoperable.

BlackByte's ransomware operation launched in the summer of 2021 when they began hacking corporate networks to steal data and encrypt devices. Their highest-profile attack was against a US NFL football team. A joint advisory from the FBI and US Secret Service says they were also responsible for attacks on critical infrastructure sectors, including government facilities, financial, and food & agriculture.

BlackByte are known to breach networks by identifying and exploiting vulnerabilities and have in the past attacked Microsoft Exchange servers using the ProxyShell attack chain.  In 2021, a flaw in the operation was found that allowed a free BlackByte decryptor, to be created. Unfortunately, after the weakness was reported, the threat actors fixed the flaw.

CISA:    Heimdal Security:      Unit42 / Palo Alto:        Bleeping Computer:      Data Breaches:       KELA

 Cybersecurity News:   

You Might Also Read: 

CISA & ACSC Name 2021’s Top Malware:
 

 

« Technology To Combat Human Trafficking
Xiaomi Phone Bug Enables Theft »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Leonardo

Leonardo

Leonardo, formerly Finmeccanica, is a global high-tech company in Aerospace, Defence, Security & Information Systems including Cybersecurity & ICT solutions.

Cloud Distribution

Cloud Distribution

Cloud Distribution is a value-added distributor that specialises in bringing innovative and disruptive cyber security, mobile security, networking and data protection solutions to market.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

Secure Edge Networks

Secure Edge Networks

Secure Edge specializes in the design and deployment of enterprise wireless networks. Our mission is to be the best in the world at secure mobility.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

Digital Defense Inc (DDI)

Digital Defense Inc (DDI)

DDI offers vulnerability scanning, penetration testing, web application testing, social engineering and additional security assessments.

Claroty

Claroty

Claroty was conceived to secure and optimize OT networks that run the world’s most critical infrastructures.

EverC

EverC

EverC (previously EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

PAS Global

PAS Global

PAS provides process safety, cybersecurity, and asset reliability solutions for the energy, process, and power industries worldwide.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

Cybersecurity Competence Center (C3)

Cybersecurity Competence Center (C3)

The Cybersecurity Competence Center was created to further strengthen the Luxembourg economy in the field of cybersecurity.

Arm

Arm

Arm delivers a complete IoT solution, from providing the IP for the chip to delivering the cloud services to securely manage the deployment of products throughout their lifecycle.

Sum&Substance (Sumsub)

Sum&Substance (Sumsub)

Sum&Substance is a developer of remote verification solutions. Our technology allows online services around the world to meet regulatory requirements, prevent fraud and enhance customer confidence.

Ampion

Ampion

Ampion is a leading Australian provider of cyber security, DevOps and quality engineering services.

11:11 Systems

11:11 Systems

11:11 Systems synchronizes every aspect of network services for your business. Build your network with the industry’s most trusted expert skills.

SK Shieldus

SK Shieldus

SK shieldus are a converged security provider with business capabilities in both cybersecurity and physical security based on Big-Tech.