


Loud Return of BlackByte ransomware: Trellix on its risks to US critical infrastructure and the 49ers

February 2022 by John Fokker, Head of Cyber Investigations, Trellix

Since the FBI and U.S. Secret Service issued an alert on BlackByte ransomware, saying it had "compromised multiple US and foreign businesses, including at least three US critical infrastructure sectors" since November, BlackByte has also been publicly revealed to have infiltrated servers of the San Francisco 49ers days before the Super Bowl in the U.S.

John Fokker, Head of Cyber Investigations at Trellix, asserts that if the BlackByte ransomware group is targeting these sectors, any organization could be at risk:

“With the recent BlackByte attacks we can establish that any organization is a valid target for ransomware, from an NFL team to critical infrastructure. BlackByte is one of the Ransomware-as-a-Service groups that quickly leverages publicly disclosed vulnerabilities in known software packages, such as Microsoft Exchange. Organizations should prioritize patching their systems when a vulnerability gets disclosed. Law enforcement has published very solid advice on BlackByte containing behavioral indicators that organizations can leverage to hunt for signs of anomalous behavior in their environment, thus detecting the threat before encryption takes place.”
