The BlackByte ransomware family seemed to have disappeared from the map, but this absence has only lasted for a short time. The group has returned and has done it in a big way.
BlackByte is a group that offers Ransomware as a Service (RaaS). Which is dedicated to encrypting compromised files on Windows machines including both physical and virtual servers.
BlackByte has been evolving its methods, just like other ransomware gangs have. Lately they had adopted a ‘removal’ so that companies and institutions that had been hacked could pay a lower amount if they did so within 24 hours of the attack. If they exceeded that interval, they were asked for a higher amount.
Now BlackByte has reinvented itself and has ‘copied’ the strategy followed by the LockBit group in its 3.0 incarnation. What they do is extort money from victims using a leak page within the dark web. However, they have incorporated some more ‘creative’ options.
According to Bleeping Computer, they offer victims to delay the publication of data for another 24 hours for $5,000. They also have the opportunity to download the stolen data for 200,000 dollars or the ‘Promise’ that it will be destroyed for 300,000 although… We know that these ‘Promises’ can be pure talk and we should not trust this.
Cybersecurity agencies have recommended that measures be taken to mitigate attacks from both BlackByte and any other attackers using ransomware so that we are not caught off guard.