BlackByte ransomware group has infiltrated the networks of at least three firms in the US critical infrastructure sectors, according to the FBI
In the previous three months, the BlackByte ransomware group has infiltrated the networks of at least three firms in the US critical infrastructure sectors, according to the FBI.
This was revealed in a joint cybersecurity advisory, marked TLP:WHITE, issued by the FBI and the US Secret Service on Friday.
“As of November 2021, BlackByte ransomware had infected many US and foreign enterprises, including institutions in at least three US critical infrastructure sectors (government facilities, banking, and food and agriculture),” according to the federal law enforcement agency [PDF].
“BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on infected Windows host systems, including physical and virtual servers,” according to the researchers.
The advisory focuses on giving businesses indicators of compromise (IOCs) that they can use to detect and defend against BlackByte attacks.
The IOCs shared in the advisory include MD5 hashes of suspicious ASPX files found on compromised Microsoft Internet Information Services (IIS) servers, as well as a list of commands the ransomware operators used during attacks.
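As an added defensive example (not code from the article or the advisory), the script below walks a web root, hashes every .aspx file and reports those whose MD5 appears in an IOC list; the sample files and the hash they match are constructed here, since the advisory's actual hash values are not reproduced on this page.

```python
# Added example, not code from the article or the advisory: sweep a web root for
# .aspx files whose MD5 matches a supplied IOC hash list (the advisory publishes such hashes).
import hashlib
import tempfile
from pathlib import Path


def md5_of_bytes(data: bytes) -> str:
    """Hex MD5 digest of an in-memory buffer."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path: Path) -> str:
    """Hex MD5 of a file, read in chunks so large files do not exhaust memory."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(64 * 1024), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_aspx(web_root, ioc_hashes):
    """Return sorted (relative_path, md5) pairs for each .aspx file under web_root
    whose digest is in ioc_hashes; hex matching is case-insensitive."""
    root = Path(web_root)
    wanted = {h.strip().lower() for h in ioc_hashes}
    hits = []
    for path in root.rglob("*.aspx"):
        if path.is_file() and (digest := md5_of_file(path)) in wanted:
            hits.append((path.relative_to(root).as_posix(), digest))
    return sorted(hits)


def demo():
    """Build a constructed web root and scan it. The 'IOC' hash below is derived from
    constructed content; it is NOT one of the hashes published in the FBI advisory."""
    with tempfile.TemporaryDirectory() as tmp:
        wwwroot = Path(tmp) / "wwwroot"
        wwwroot.mkdir()
        (wwwroot / "default.aspx").write_bytes(b'<%@ Page Language="C#" %>ok')
        (wwwroot / "x.aspx").write_bytes(b"CONSTRUCTED-SAMPLE-CONTENT")  # stand-in
        ioc_list = {md5_of_bytes(b"CONSTRUCTED-SAMPLE-CONTENT").upper()}  # placeholder IOC
        return scan_aspx(tmp, ioc_list)


if __name__ == "__main__":
    for rel, digest in demo():
        print(f"IOC match: {rel} ({digest})")
```

On a production IIS host, point `scan_aspx` at each site's physical path and feed it the hash list from the advisory; a clean sweep does not prove the host is uncompromised, since a modified or re-packed file hashes differently.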
The ransomware attack on the San Francisco 49ers
In related news, the San Francisco 49ers of the National Football League reported over the weekend that they are recovering from a BlackByte ransomware attack.
The threat actors claimed responsibility for the attack, saying they stole data from the football organization’s servers, and posted around 300MB of files on their data leak blog.
In a statement to BleepingComputer, the 49ers confirmed the ransomware attack and stated that it only caused a temporary disruption to parts of their IT network.
The BlackByte ransomware operation has been active since at least July 2021, when it began targeting corporate victims around the world.
This gang is known for exploiting software vulnerabilities (particularly in Microsoft Exchange Server) to gain initial access to its enterprise targets’ networks, demonstrating that keeping your servers patched goes a long way towards preventing them from attacking you.
After the ransomware gang reused the same encryption/decryption key across many attacks, cybersecurity firm Trustwave developed and released a free BlackByte decryptor in October, allowing some victims to restore their files for free.