
BlackByte ransomware gang is back with new extortion tactics

August 2022 by Lawrence Abrams, BleepingComputer

The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit.

After a brief disappearance, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts the threat actor controls.

The threat actors are calling this new iteration of their operation BlackByte version 2.0, and while it is not clear if the ransomware encryptor has changed as well, the gang has launched a brand new Tor data leak site.

The data leak site only includes one victim at this time but now has new extortion strategies that allow victims to pay to delay the publishing of their data by 24 hours ($5,000), download the data ($200,000), or destroy all the data ($300,000). These prices will likely change depending on the size/revenue of the victim.

However, as pointed out by cybersecurity intelligence firm KELA, BlackByte’s new data leak site is not correctly embedding the Bitcoin and Monero addresses that "customers" can use to purchase or delete the data, making these new features currently broken.

The goal of these new extortion techniques is to allow the victim to pay to remove their data and for other threat actors to purchase it if they wish.

LockBit introduced these same extortion tactics with the release of its 3.0 version, and they are seen more as a gimmick than as viable extortion tactics.

Who is BlackByte?

The BlackByte ransomware operation launched in the summer of 2021 when the hackers began breaching corporate networks to steal data and encrypt devices.

Their highest-profile attack was against the NFL’s 49ers, but a joint advisory from the FBI and Secret Service says they were also responsible for attacks on critical infrastructure sectors, including government facilities, financial, and food & agriculture.

The threat actors are known to breach networks using vulnerabilities and in the past have breached Microsoft Exchange servers using the ProxyShell attack chain.

In 2021, a flaw in the operation was found that allowed a free BlackByte decryptor to be created. Unfortunately, after the weakness was reported, the threat actors fixed the flaw.

Related Articles:

Ransomware gang creates site for employees to search for their stolen data

Ransomware gangs move to ’callback’ social engineering attacks

LockBit 3.0 introduces the first ransomware bug bounty program

Digital security giant Entrust breached by ransomware gang

How Conti ransomware hacked and encrypted the Costa Rican government

