Ransomware Attack On Critical Infrastructure In US, FBI Warns Against BlackByte Ransomware

NEW DELHI: FBI issued an advisory that the BlackByte ransomware gang appears to have made a comeback after attacking at least three vital infrastructure sectors in the United States.

BlackByte is a ransomware-as-a-service (RaaS) company that rents out its ransomware infrastructure to other companies in exchange for a cut of the ransom money.

The gang first appeared in July 2021, when it began exploiting software flaws to target corporate victims all over the world.

ALSO READ: FBI Warning: Cybercriminals Can Steal Your Money Or Infect Phone, Check QR Code While Scanning

While BlackByte had some early success, with attacks in the manufacturing, healthcare, and construction industries in the United States, Europe, and Australia, the gang ran into trouble months later when cybersecurity firm Trustwave released a free decryption tool that allowed BlackByte victims to recover their files for free.

The ransomware’s simple encryption techniques caused some to believe it was the work of amateurs; instead of using unique keys for each session, the ransomware downloaded and performed the same key to encrypt files in AES.

Despite the setback, the BlackByte operation appears to be back with a vengeance. The FBI and the Secret Service (USSS) issued an alert on Friday warning that the ransomware gang had infiltrated multiple U.S. and foreign businesses, including “at least” three attacks on critical infrastructure in the United States, including government facilities, financial services, and food and agriculture.

ALSO READ: REvil Members Under Scanner: FBI Confiscates Bitcoin Worth Rs 17 Cr From Russian Hacker Involved in Ransomware

The alert, which includes symptoms of penetration to assist network defenders in detecting BlackByte breaches, was issued just days before the ransomware group claimed to have infected the San Francisco 49ers’ network. The day before the Super Bowl, BlackByte revealed the attack by disclosing a small number of files it alleges were taken.

While BlackByte isn’t the most active RaaS operation, it has been slowly raking up victims in recent months, according to Brett Callow, a ransomware expert and security analyst at Emsisoft. However, he adds that, in light of recent US government action against ransomware operators, the gang may be treading carefully.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube