Joint Cybersecurity Advisory from federal law enforcement includes indicators of compromise associated with the ransomware variant.

Dark Reading Staff, Dark Reading

February 15, 2022

1 Min Read

The FBI and US Secret Service today released a joint cybersecurity advisory on pervasive ransomware-as-a-service group BlackByte, warning that attackers deploying the ransomware had infected organizations in at least three US critical infrastructure sectors —  government facilities, financial, and food and agriculture — as well as others outside the US.

BlackByte is known for encrypting victim files on Windows systems and virtual machines, and according to the FBI and USSS, the attackers exploited "a known Microsoft Exchange Server" vulnerability in some victim systems. 

"In some instances, BlackByte ransomware actors have only partially encrypted files. In cases where decryption is not possible, some data recovery can occur," according to the advisory, which includes specific mitigation methods for the ransomware. "A newer version encrypts without communicating with any external IP addresses. BlackByte ransomware runs executables from c:\windows\system32\ and C:\Windows\. Process injection has been observed on processes it creates."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights