BlackByte Ransomware Breaches U.S. Critical Infrastructure

The Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware gang broke through the networks of three U.S. organizations operating in critical infrastructure sectors.

The breach, which began three months ago, was revealed in a TLP:WHITE joint cybersecurity advisory released recently in partnership with the U.S. Secret Service.

“BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.”

The advisory centers on providing indicators of compromise (IOCs) that organizations can use to detect and defend BlackBytes attacks.

The BlackByte ransomware gang has been active since July 2021 and mainly targets corporate victims globally.

The gang is also notorious for exploiting software vulnerabilities such as Microsoft Exchange Server to gain access to the network of their attacks.

In October, the cybersecurity firm Trustwave developed and launched a free BlackByte decryptor, which enabled some victims to restore their files for free, after the ransomware gang had used the same decryption/encryption key in various attacks.

The two agencies also shared some measures that can help administrators mitigate BlackByte violations.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web