The BlackByte ransomware is back with version 2.0, which features a new leak site as well as LockBit-inspired extortion techniques. Hacker forums and Twitter accounts controlled by the threat actor are now promoting the updated site for data leaks as a part of the ransomware operation.

It is unclear if the ransomware encryptor has also been updated, though the threat actors have rolled out a brand new Tor data leak site.

Extortion strategies

The data leak site employs new extortion strategies that allow victims to pay based on one‘s circumstances.
  • The victim must pay $5,000 to extend the publication of their data by 24 hours.
  • The ransomware price skyrockets to $200,000 when the data is downloaded.
  • The cost of erasing all data is $300,000.
  • However, the prices are likely to vary depending on the victim firm's size and revenue.

A cybersecurity intelligence firm has confirmed that BlackByte's new data leak site is not embedding the Bitcoin and Monero addresses correctly that customers can use to purchase or delete the data, rendering these new features inoperable.
These same extortion tactics were introduced in LockBit 3.0, and Blackbyte's version is viewed as a gimmick rather than viable extortion tactics.

About Blackbyte

Hackers launched the maiden BlackByte ransomware operation in September 2021, encrypting devices and stealing data from corporate networks. To infect targets' networks, the ransomware group exploits software vulnerabilities. This makes unpatched servers a prime target for these attackers.


The emergence of BlackByte version 2.0 ransomware, which uses the most recent extortion techniques, should be closely monitored, and organizations' security barriers should be strengthened to combat threats. Threat actors continue to work on the flaw and develop new ransomware versions to continually challenge organizations' systems and keep their security operators busy.
Cyware Publisher