BlackByte ransomware employs new extortion strategies

August 26, 2022
BlackByte Ransomware Extortion Scheme

The BlackByte ransomware operation has upgraded its cybercriminal activity after researchers spotted a previously unknown sample from the group. According to this report, the BlackByte operators have adopted a new extortion tactic borrowed from LockBit.

After a brief hiatus, the BlackByte ransomware operation is promoting its new data leak website on several hacking forums and through social media accounts it controls.

The threat actors have also launched a brand-new Tor data leak site and a new iteration of the operation called BlackByte version 2.0. However, researchers cannot yet confirm whether the ransomware's encryptor has changed.

The new data leak website lists only one victim so far. It features a promotion that allows the victim to pay a fee to delay the publishing of their data by 24 hours. The actors also offer interested parties the option to download or retrieve the stolen data for $200,000, or to have all of it destroyed for $300,000.

Researchers believe that the prices vary depending on the size of the stolen data and the victim's revenue.

However, a cybersecurity analyst pointed out that BlackByte's new data leak site did not correctly embed the Monero and Bitcoin addresses that customers would use to purchase or delete the offered data, suggesting that these new features are still in development or simply broken.

This new extortion technique from BlackByte aims to pressure victims into paying the ransom quickly, before other threat actors can purchase the data. LockBit introduced the same tactics after releasing its version 3.0, but researchers saw them as a gimmick rather than a serious threat to organisations.


BlackByte ransomware is constantly making noise despite its short stint in the cybercriminal world.


The BlackByte ransomware operation launched in the summer of last year, when its operators started breaching corporate networks to steal data and encrypt targeted devices.

Their most high-profile attack was against a National Football League team last year. However, CISA and the FBI state that the group has also been involved in attacks against critical infrastructure sectors, such as government facilities, food, agriculture, and finance.

Furthermore, the threat actors are known for breaching networks by exploiting critical vulnerabilities, such as compromising Microsoft Exchange servers via the ProxyShell attack chain.

Experts recommend deploying a proper cybersecurity solution, which would help significantly in fending off such attacks.
