The BlackByte ransomware gang has returned with new extortion techniques. Version 2.0 of their operation comes with a new data leak site that uses extortion tactics borrowed from LockBit.
BlackByte Ransomware Gang Uses New Extortion Strategies
The BlackByte ransomware gang disappeared for a while, but it has now returned to ransomware operations.
With their return, the gang is promoting a new data leak site on hacker forums. They are also promoting it through Twitter accounts that they control, according to BleepingComputer.
The hackers are referring to their new operation as BlackByte version 2.0.
It is not yet known whether the group changed its ransomware encryptor; however, BlackByte has released a brand-new Tor data leak site.
As of writing, the data leak site only has one victim, according to BleepingComputer.
The group, however, is employing new extortion strategies that allow victims to pay $5,000 to delay the publication of their data by 24 hours.
To download the data, the gang requires $200,000, while to destroy all the data, the victim has to pay $300,000. These prices will likely change depending on the size or revenue of the victim.
However, these features are currently broken, as pointed out by cybersecurity intelligence firm KELA, as per News of Australia.
According to KELA, the Bitcoin and Monero addresses that "customers" can use to purchase or delete the data are not correctly embedded in BlackByte's new data leak site.
The new extortion techniques employed by BlackByte aim to let the victim pay to remove their data. Their goal also includes allowing other hackers to buy the data if they want to.
These extortion techniques were first introduced by LockBit with the release of its 3.0 version. They are considered more of a "gimmick" than a viable extortion technique.
FBI, Secret Service Warned of BlackByte Attack Earlier This Year
The BlackByte ransomware gang began operating in the summer of 2021. That year, the group started hacking corporate networks to steal data and encrypt devices, according to BleepingComputer.
The attack on the NFL's 49ers is considered the group's highest-profile attack. However, a joint advisory from the FBI and Secret Service blames the group for attacks on critical infrastructure sectors.
In the past, the group was found to have breached Microsoft Exchange servers using the ProxyShell attack chain. They are known to hack networks by exploiting vulnerabilities.
According to BleepingComputer, "a flaw in the operation was found" in 2021. This flaw made the creation of a free BlackByte decryptor possible. However, the gang was able to fix the flaw after the weakness was identified.
According to an advisory from the FBI and the Secret Service, the BlackByte Ransomware gang targeted at least three U.S. critical infrastructure sectors earlier this year.
The agencies posted a warning in February of this year that the group had compromised multiple U.S. and foreign businesses.
The attacks included hacking of critical infrastructure, such as government facilities, financial services, and food and agriculture.