Loud Return of BlackByte ransomware: Trellix on its risks to US critical infrastructure and the 49ers
February 2022 by John Fokker, Head of Cyber Investigations, Trellix
Following an alert from the FBI and U.S. Secret Service on BlackByte ransomware, which stated that the group had "compromised multiple US and foreign businesses, including at least three US critical infrastructure sectors" since November, BlackByte was also publicly revealed to have infiltrated servers belonging to the San Francisco 49ers days before the Super Bowl in the U.S.
John Fokker, Head of Cyber Investigations at Trellix, argues that if the BlackByte ransomware group is targeting these sectors, any organization could be at risk:
"With the recent BlackByte attacks we can establish that any organization is a valid target for ransomware, from an NFL team to critical infrastructure. BlackByte is one of the Ransomware-as-a-Service groups that quickly leverages publicly disclosed vulnerabilities in known software packages, such as Microsoft Exchange. Organizations should prioritize patching their systems when a vulnerability gets disclosed. Law enforcement has published very solid advice on BlackByte containing behavioral indicators that organizations can leverage to hunt for signs of anomalous behavior in their environment, thus detecting the threat before encryption takes place."