BlackByte Ransomware Now Includes Data Theft Capabilities

A BlackByte ransomware affiliate is using a new custom data-stealing tool called to steal data from compromised Windows devices so that they can carry out double-extortion attacks, Bleeping Computer reports. This news comes months after the FBI released an advisory on the strain, following its use to breach three companies in US critical infrastructure.

Kevin Bocek, VP of Security Strategy & Threat Intelligence at Venafi has this to say:

“Following attacks on US critical infrastructure, the FBI released an advisory on BlackByte ransomware in February. But clearly this has done little to deter threat actors. They’ve built on BlackByte’s success with this latest update, which now includes next-generation double extortion capabilities, including a direct upload of exfiltrated data to Mega cloud with hardcoded credentials. This should set alarm bells ringing for organizations. Double extortion tactics make it much harder to say no to ransomware demands because the safety net of ‘restore from backup’ is no longer there to fall back on.

Our research shows that 83% of ransomware attacks now make use of double extortion tactics. Threat actors – who are essentially just developers gone bad – have worked hard to improve their product, and the cybersecurity industry should be responding in kind. Ransomware often evades detection because it runs without a trusted machine identity. So, organizations must be managing machine identities via a control plane to reduce the use of unsigned scripts, increase code signing and restrict the execution of malicious macros. This is vital to a well-rounded ransomware defense.”

As these ransomware gangs evolve their attacks, companies need to evolve their defences accordingly. Otherwise, they will simply become the next victims of these ransomware gangs.
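The quote above notes that this BlackByte update uploads exfiltrated data straight to Mega cloud storage. One thing a defender can do with that is watch for bulk uploads to Mega domains from hosts that have no business using it. The script below is an added example written for this post; it is not code from the article, from Bleeping Computer, from Venafi, or from the malware analysis. It assumes a simple proxy log format (timestamp, source host, destination, method, bytes sent), and the Mega domain suffixes, the constructed log lines and the 50 MiB threshold are all assumptions you would tune to your own environment.

```python
"""Flag hosts that bulk-upload to Mega cloud storage, from proxy logs.

Added example, not from the article. The log lines are constructed,
and the domain list and upload threshold are assumptions to be tuned.
"""
import re
from collections import defaultdict

# Constructed proxy log lines: timestamp, source host, destination, method, bytes sent.
SAMPLE_LOG = """\
2022-10-21T10:01:05Z ws-fin-07 updates.example.com GET 812
2022-10-21T10:02:11Z ws-fin-07 g.api.mega.co.nz POST 2048
2022-10-21T10:02:15Z ws-fin-07 gfs270n123.userstorage.mega.co.nz POST 41943040
2022-10-21T10:03:40Z ws-fin-07 gfs270n123.userstorage.mega.co.nz POST 33554432
2022-10-21T10:05:02Z ws-hr-02 mega.nz GET 4096
2022-10-21T10:06:30Z ws-eng-11 files.example.com POST 9000000
"""

# Assumed: domain suffixes associated with Mega cloud storage (matched as a suffix).
MEGA_SUFFIXES = ("mega.nz", "mega.co.nz")
# Assumed: per-host upload volume to Mega that should trigger an analyst review.
UPLOAD_THRESHOLD_BYTES = 50 * 1024 * 1024

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) (?P<sent>\d+)$"
)


def is_mega_domain(dst):
    """True if dst is one of the Mega suffixes or a subdomain of one."""
    dst = dst.lower().rstrip(".")
    return any(dst == s or dst.endswith("." + s) for s in MEGA_SUFFIXES)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sent"] = int(rec["sent"])
    return rec


def mega_upload_volume(log_text):
    """Return {source_host: bytes sent to Mega domains via upload methods}."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_mega_domain(rec["dst"]):
            continue
        # Only count request methods that carry an upload body.
        if rec["method"] in ("POST", "PUT"):
            totals[rec["host"]] += rec["sent"]
    return dict(totals)


def flag_hosts(log_text, threshold=UPLOAD_THRESHOLD_BYTES):
    """Hosts whose Mega upload volume meets the threshold, largest first."""
    volume = mega_upload_volume(log_text)
    hits = [(host, nbytes) for host, nbytes in volume.items() if nbytes >= threshold]
    return sorted(hits, key=lambda item: -item[1])


if __name__ == "__main__":
    for host, nbytes in flag_hosts(SAMPLE_LOG):
        print(f"REVIEW: {host} uploaded {nbytes / 2**20:.1f} MiB to Mega storage")
```

On the constructed sample, only ws-fin-07 is flagged: ws-hr-02 merely browsed mega.nz with a GET, and ws-eng-11 uploaded to an unrelated domain. In a real deployment the destination list would come from your proxy's category feed and the threshold from a baseline of normal usage, and a hit is a prompt to look at the process and user behind the traffic, not a verdict on its own.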
