The BlackByte ransomware is here again with the version 2.0 of its operation. Its comeback includes a new data leak site that utilizes new extortion techniques borrowed from LockBit.
After a short hiatus, they are promoting a new data leak site on hacker forums as their comeback act. Additionally this promotion is also carried out through Twitter accounts that the Twitter account controls.
The threat actors have name this new version as BlackByte version 2.0. Along with it, they have launched a new Tor data leak site.
Presently the data leak site has only victimized one victim. However, it possess new extortion strategies that offers victims various negotiation prices. Victims can pay $5,000 to extend the publishing of their data by 24 hours, download the data ($200,000) and $300,000 to destroy all the data. The prices are likely to differ according to the revenue/size of the victim.
KELA, cybersecurity intelligence firm informs that BlackByte’s new data leak site is not embedding the Bitcoin and Monero addresses correctly, that “customers” can use to purchase or delete the data, making these new features currently broken.
The goal of this new campaign is to leave a way for victims to pay to remove their data and for other threat actors to purchase if they wish to.
