Security News > 2022 > February > FBI: BlackByte ransomware breached US critical infrastructure
The US Federal Bureau of Investigation revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.
"As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors.," the federal law enforcement agency said [PDF].
"BlackByte is a Ransomware as a Service group that encrypts files on compromised Windows host systems, including physical and virtual servers."
The IOCs associated with BlackByte activity shared in the advisory include MD5 hashes of suspicious ASPX files discovered on compromised Microsoft Internet Information Services servers and a list of commands the ransomware operators used during attacks.
BlackByte ransomware operation has been active since at least July 2021, when it started targeting corporate victims worldwide.
In October, cybersecurity firm Trustwave created and released a free BlackByte decryptor, enabling some victims to restore their files for free after the ransomware gang used the same decryption/encryption key in multiple attacks.
News URL
Related news
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware (source)
- CISA and FBI: Ghost ransomware breached orgs in 70 countries (source)
- US seizes domain of Garantex crypto exchange used by ransomware gangs (source)
- Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware (source)
- UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools (source)
- US sensor giant Sensata admits ransomware derailed ops (source)