[MART] - Daily Diary #576 - BlackByte V2 Reveals New Extortion Tactics

ctas-mat at appgate.com ctas-mat at appgate.com
Thu Aug 18 20:45:48 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

08/18/2022 - Diary entry #576:

Covered in several of our Daily Diaries, most recently in our Daily Diary #454, BlackByte is one of the many ransomware operations active nowadays. Operating under the ransomware-as-a-service model, BlackByte is notorious for targeting manufacturing, healthcare, and other industries in the U.S. and Europe. In our Daily Diary #452, we covered BlackByte attack on San Francisco 49ers, one of their most high-profile victims.

Recently a new version of BlackByte wall-of-shame was discovered. Although still under development (since most features are still broken) the new website reveals an upgrade in BlackByte's extortion model. Now, after a victim's data is published in their wall-of-shame, they will have three options: extend the countdown timer for 24 hours (costing $5,000 USD), destroy all the stored information (costing $300,000 USD), or download the data (costing $200,000 USD).

We believe the values presented are just placeholders in their under-development platform, since ransomware operations often adjust the ransom value based on their target's revenue. Nevertheless, this change in their extortion technique shows a more aggressive approach, trying to profit on more than one level. If their approach is successful we believe other ransomware gangs will adopt a similar approach - therefore we highly recommend never paying the ransom, especially considering there is no guarantee that the decryptors will work, and neither that the stolen data will really be destroyed and not shared with other cybercrime gangs.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Duarte Domingues
Manager, MART

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220818/580256da/attachment.htm>

More information about the MART mailing list