FBI: BlackByte ransomware breached US critical infrastructure

2022-02-14 15:41

The US Federal Bureau of Investigation revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.

"As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors.," the federal law enforcement agency said [PDF].

"BlackByte is a Ransomware as a Service group that encrypts files on compromised Windows host systems, including physical and virtual servers."

The IOCs associated with BlackByte activity shared in the advisory include MD5 hashes of suspicious ASPX files discovered on compromised Microsoft Internet Information Services servers and a list of commands the ransomware operators used during attacks.

BlackByte ransomware operation has been active since at least July 2021, when it started targeting corporate victims worldwide.

In October, cybersecurity firm Trustwave created and released a free BlackByte decryptor, enabling some victims to restore their files for free after the ransomware gang used the same decryption/encryption key in multiple attacks.

News URL

https://www.bleepingcomputer.com/news/security/fbi-blackbyte-ransomware-breached-us-critical-infrastructure/

#critical #FBI #infrastructure #ransomware #US

News URL

Related news