BlackByte Ransomware Group Have An Update

BlackByte ransomware hackers are returning to criminal operations with a new 2.0 version that comes with a new data leak site using new extortion tactics that they borrowed from LockBit. 

After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls. 

The hackers are referring to their new operation as BlackByte version 2.0. While it is not clear whether the ransomware encryptor has changed as well, the gang has launched a brand new data leak site on the Dark Web, accessible using the anonymous Tor browser.

Like other ransomware specialists, BlackByte targets its victims' files by encrypting them. After that, BlackByte victims typically receive a ransom note on their computer screen, which says that they have to pay a ransom in order to have their files decrypted. Right now, the data leak site includes only one victim, but BlackByte have a new extortion 'ratecard'. Victims can pay to extend the time before their data is published by 24 hours ($5,000), download the data ($200,000), or destroy all the data ($300,000).

The goal of these new extortion techniques is to allow the victim to pay to remove their data and for other threat actors to purchase it if they wish. LockBit introduced these same extortion tactics with the release of their 3.0 version. 

However, there is a flaw in BlackByte's implementation, discovered by researchers at threat intelligence firm KELA. BlackByte's data leak site is not correctly embedding the Bitcoin and Monero addresses that victims must use to purchase or delete the data, rendering these new features currently inoperable.

BlackByte's ransomware operation launched in the summer of 2021 when they began hacking corporate networks to steal data and encrypt devices. Their highest-profile attack was against a US NFL football team. A joint advisory from the FBI and US Secret Service says they were also responsible for attacks on critical infrastructure sectors, including government facilities, financial, and food & agriculture.

BlackByte are known to breach networks by identifying and exploiting vulnerabilities and have in the past attacked Microsoft Exchange servers using the ProxyShell attack chain. In 2021, a flaw in the operation was found that allowed a free BlackByte decryptor to be created. Unfortunately, after the weakness was reported, the threat actors fixed the flaw.

CISA | Heimdal Security | Unit42 / Palo Alto | Bleeping Computer | Data Breaches | KELA | Cybersecurity News
