How to protect yourself against BlackByte ransomware, Complete list

In a joint alert, the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) warn that the BlackByte ransomware has been utilized in attacks on at least three critical infrastructure sectors in the United States.

A list of countermeasures that can aid administrators in thwarting BlackByte attacks:

  • Make regular backups of all data, which should be stored offline as air-gapped, password-protected copies. Ensure that these copies cannot be modified or deleted from any system where the original data is stored.
  • Implement network segmentation so that not every machine on your network can be reached from every other machine.
  • Install and update antivirus software on all hosts on a regular basis, and turn on real-time detection.
  • As soon as updates/patches are available, install them on your operating system, applications, and firmware.
  • Look for new or unknown user accounts on domain controllers, servers, workstations, and in Active Directory.
  • User accounts with administrator privileges should be audited, and access controls should be configured with least privilege in mind. Do not grant administrative privileges to all users.
  • Disable any unused remote access/Remote Desktop Protocol (RDP) ports and keep an eye on the remote access/RDP logs for anything strange.
  • Consider including an email banner in emails that come from outside your company.
  • Disable hyperlinks in emails you’ve received.
  • When logging into accounts or services, use two-factor authentication.
  • Ensure that all accounts are audited on a regular basis.
  • Ensure that all identified IOCs are entered into the network SIEM for ongoing monitoring and notifications.
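
As an added example (not part of the joint alert or of this article), the account-review and RDP-log items above can be combined into a small triage script over exported Windows Security events. The event records, simplified field names, account baseline and address ranges are constructed assumptions; the event IDs are the standard Windows Security log IDs.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample events (JSON lines). Field names are simplified assumptions,
# not the raw Windows event schema; addresses are documentation ranges.
SAMPLE_EVENTS = """\
{"EventID":4720,"Host":"DC01","SubjectUser":"svc-backup","TargetUser":"helpdesk2"}
{"EventID":4732,"Host":"DC01","SubjectUser":"svc-backup","TargetUser":"helpdesk2","Group":"Administrators"}
{"EventID":4624,"Host":"FS02","TargetUser":"helpdesk2","LogonType":10,"SourceIP":"203.0.113.45"}
{"EventID":4624,"Host":"FS02","TargetUser":"alice","LogonType":10,"SourceIP":"10.0.5.20"}
{"EventID":4625,"Host":"FS02","TargetUser":"administrator","LogonType":10,"SourceIP":"198.51.100.7"}
{"EventID":4625,"Host":"FS02","TargetUser":"admin","LogonType":10,"SourceIP":"198.51.100.7"}
{"EventID":4625,"Host":"FS02","TargetUser":"backup","LogonType":10,"SourceIP":"198.51.100.7"}
"""

KNOWN_ACCOUNTS = {"alice", "bob", "svc-backup"}       # assumed approved-account baseline
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address space
PRIV_GROUPS = {"administrators", "domain admins", "enterprise admins"}

def review(lines, known=KNOWN_ACCOUNTS, nets=INTERNAL_NETS, fail_threshold=3):
    """Return (kind, host, detail) findings for an analyst to triage."""
    findings, failures = [], Counter()
    for line in filter(None, map(str.strip, lines.splitlines())):
        ev = json.loads(line)
        eid, host = ev["EventID"], ev["Host"]
        user = ev.get("TargetUser", "").lower()
        if eid == 4720 and user not in known:            # 4720: user account created
            findings.append(("new-account", host, user))
        elif eid in (4728, 4732, 4756) and ev.get("Group", "").lower() in PRIV_GROUPS:
            findings.append(("admin-grant", host, user))  # member added to a privileged group
        elif eid == 4624 and ev.get("LogonType") == 10:  # successful RDP (RemoteInteractive) logon
            src = ipaddress.ip_address(ev["SourceIP"])
            if user not in known or not any(src in n for n in nets):
                findings.append(("rdp-logon", host, f"{user} from {src}"))
        elif eid == 4625:                                # 4625: failed logon
            failures[(host, ev.get("SourceIP", "?"))] += 1
    # Repeated failures from one source against one host suggest password guessing.
    for (host, src), count in failures.items():
        if count >= fail_threshold:
            findings.append(("failed-logons", host, f"{count} from {src}"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(*finding, sep="\t")
```

Findings like these are leads for review, not verdicts: a flagged account may be a legitimate new hire that has not yet been added to the baseline.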
