Security News > 2022 > February > FBI: BlackByte ransomware breached US critical infrastructure
The US Federal Bureau of Investigation revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.
"As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors.," the federal law enforcement agency said [PDF].
"BlackByte is a Ransomware as a Service group that encrypts files on compromised Windows host systems, including physical and virtual servers."
The IOCs associated with BlackByte activity shared in the advisory include MD5 hashes of suspicious ASPX files discovered on compromised Microsoft Internet Information Services servers and a list of commands the ransomware operators used during attacks.
BlackByte ransomware operation has been active since at least July 2021, when it started targeting corporate victims worldwide.
In October, cybersecurity firm Trustwave created and released a free BlackByte decryptor, enabling some victims to restore their files for free after the ransomware gang used the same decryption/encryption key in multiple attacks.
News URL
Related news
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- US sanctions crypto exchanges used by Russian ransomware gangs (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Ransomware fiends boast they've stolen 1.4TB from US pharmacy network (source)