The Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware gang broke through the networks of three U.S. organizations operating in critical infrastructure sectors.
The breach, which began three months ago, was revealed in a TLP:WHITE joint cybersecurity advisory released recently in partnership with the U.S. Secret Service.
“BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.”
The advisory centers on providing indicators of compromise (IOCs) that organizations can use to detect and defend BlackBytes attacks.
The BlackByte ransomware gang has been active since July 2021 and mainly targets corporate victims globally.
The gang is also notorious for exploiting software vulnerabilities such as Microsoft Exchange Server to gain access to the network of their attacks.
In October, the cybersecurity firm Trustwave developed and launched a free BlackByte decryptor, which enabled some victims to restore their files for free, after the ransomware gang had used the same decryption/encryption key in various attacks.
The two agencies also shared some measures that can help administrators mitigate BlackByte violations.