Threat Watch

BlackByte Ransomware Gang Back with New Leak Site

On Monday the threat actor known as BlackByte announced, via twitter and other criminal forums, the availability of a new data leak site. Referring to itself as “BlackByte version 2.0,” this new site purports to allow victims to delay the publishing of data, download the data, or destroy the data. There is currently one victim listed on the site, and the prices listed for this victim are $5,000, $200,000, and $300,000, respectively.

BlackByte began their operations in 2021, targeting both corporate entities and critical infrastructure. Later that year, researchers from Trustwave released a decryptor for the ransomware, but BlackByte quickly adapted to reduce its effectiveness. Since then, there have been multiple variants of the ransomware seen in the wild.

ANALYST NOTES

BlackByte is known to exploit vulnerabilities quickly after they’re announced, so one of the most effective strategies companies can employ to protect against this group is to maintain an efficient vulnerability management process. The ransomware itself automates many of the initialization steps required to execute successfully, so companies should ensure detections they have in place for events such as disabling the Windows firewall and deleting shadow copies are working as intended. Customizing detections to an organization’s unique baseline activity while ensuring coverage of post exploitation activity, is a key benefit offered by Binary Defense’s Threat Hunting services.

https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-gang-is-back-with-new-extortion-tactics/