Security News > 2022 > February > FBI: BlackByte ransomware breached US critical infrastructure
The US Federal Bureau of Investigation revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.
"As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors.," the federal law enforcement agency said [PDF].
"BlackByte is a Ransomware as a Service group that encrypts files on compromised Windows host systems, including physical and virtual servers."
The IOCs associated with BlackByte activity shared in the advisory include MD5 hashes of suspicious ASPX files discovered on compromised Microsoft Internet Information Services servers and a list of commands the ransomware operators used during attacks.
BlackByte ransomware operation has been active since at least July 2021, when it started targeting corporate victims worldwide.
In October, cybersecurity firm Trustwave created and released a free BlackByte decryptor, enabling some victims to restore their files for free after the ransomware gang used the same decryption/encryption key in multiple attacks.
News URL
Related news
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Ransomware fiends boast they've stolen 1.4TB from US pharmacy network (source)
- US charges Phobos ransomware admin after South Korea extradition (source)
- Phobos ransomware administrator faces US cybercrime charges (source)
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion (source)
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- Ransomware payments are now a critical business decision (source)
- US government, energy sector contractor hit by ransomware (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)