BlackByte ransomware v2 is out with new extortion novelties

A new version of the BlackByte ransomware appeared in the threat landscape, version 2.0 uses extortion techniques similar to LockBit ones.

BlackByte ransomware Version 2.0 appeared in the threat landscape after a short break, the latest version has a new data leak site.

It is interesting to note that the group introduced some novelties in the extortion strategy.

The gang allows victims to pay $5,000 to postpone the leaking of their data by 24 hours, download the data for $200,000, or destroy all the data by paying a $300,000 ransom. The prices are not fixed and could vary depending on the importance of the victim.

Researchers from threat intelligence firm KELA noticed that the new BlackByte’s leak site lack of wallet addresses, this means that victims cannot pay the ransom.

The BlackByte ransomware operation has been active since September 2021, in October 2021 researchers from Trustwave’s SpiderLabs released a decryptor that can allow victims of early versions of BlackByte ransomware to restore their files for free.

In February, the US Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors.

In 2021, a flaw in the operation was found that allowed a free BlackByte decryptor to be created. Unfortunately, after the weakness was reported, the threat actors fixed the flaw.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Blackbyte)

[adrotate banner=”5″]

[adrotate banner=”13″]