The BlackByte ransomware group has breached the networks of multiple US-based organizations in the critical infrastructure sector in the past three months. US officials have released a joint advisory warning against the threat.

What’s in the advisory?

  • According to a joint advisory released by the FBI and U.S. Secret Service, BlackByte has targeted various U.S. and foreign businesses in the last few months.
  • Three of its victims belong to the government facilities, financial, and food and agriculture sectors.
  • The advisory identifies BlackByte as a Ransomware-as-a-Service (RaaS) operation that targets Windows systems, including both physical and virtual servers.
  • It further provides technical details, IOCs, and mitigation steps to help organizations stay protected from the group’s attacks.

Attack tactics

This ransomware group exploits software vulnerabilities (e.g., in Microsoft Exchange Server) to obtain initial access to targets' networks. Therefore, unpatched servers are likely to be the target of these attackers.

Recent victims of BlackByte

Besides the advisory, BlackByte was in the headlines due to attacks on various organizations in the past few months.
  • Just a few days ago, the NFL’s San Francisco 49ers team was targeted by BlackByte. The attackers claim to have stolen the team's data and leaked 300MB of files on their data leak blog.
  • In December 2021, a BlackByte campaign launched attacks against organizations exposed to the ProxyShell flaws in Microsoft Exchange.

Conclusion

The advisory by the FBI should be taken seriously, and organizations must strengthen their defenses to fend off threats such as BlackByte. The advisory includes a list of measures to be taken to stay protected.

Cyware Publisher
