Blackbyte

Threat Actor Profile (updated 24 days ago)
BlackByte is a ransomware threat actor that has been on the radar of cybersecurity agencies since its emergence in July 2021. Notorious for targeting critical infrastructure, BlackByte drew the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service (USS) within its first year of operation. Despite efforts to counter it, such as the decrypter released by Trustwave in October 2021, the group continued to evolve its tactics, persistently targeting organizations worldwide while notably avoiding entities based in Russia.

In a recent development, Talos Incident Response (IR) observed a new variant of BlackByte ransomware, named BlackByte NT. The variant was first noticed in an engagement in which the attackers compromised a valid account to gain access. Before this, Talos IR had been seeing LockBit ransomware, which remains one of the most frequently observed ransomware families in its engagements; the emergence of BlackByte NT marks a significant evolution in the group's operations.

BlackByte operates on a ransomware-as-a-service (RaaS) model, allowing affiliates to use its ransomware in return for a share of the profits. Not every claim the group makes has been borne out: some targeted websites, such as that of the Encina Wastewater Authority, remained operational without immediate signs of intrusion. Nevertheless, researchers have documented cases where a BlackByte intrusion caused significant business disruption, with the full attack chain completed in less than five days. The rise of BlackByte and its new variant, BlackByte NT, underscores the evolving threat posed by ransomware groups.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Vulnerability
Associated Malware
ID | Type | Votes | Profile Description
Akira | Unspecified | 3 | Akira is a compact C++ ransomware that has wreaked havoc across various sectors, impacting over 60 organizations globally. It is compatible with both Windows and Linux systems and is known for its minimalistic JQuery Terminal-based hidden service used for victim communication. The malware enters you
Lockbit | Unspecified | 3 | LockBit is malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi
Conti | Unspecified | 2 | Conti is a malware program known for its disruptive capabilities, including stealing personal information and holding data hostage for ransom. It gained notoriety as part of the arsenal of ITG23, a cybercrime group that used it in conjunction with other malicious software like Trickbot, BazarLoader,
Karakurt | Unspecified | 2 | Karakurt is a notorious malware and data extortion group, previously affiliated with ITG23, known for its sophisticated tactics, techniques, and procedures (TTPs). The group's operations involve stealing sensitive data from compromised systems and demanding ransoms ranging from $25,000 to a staggeri
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Blackbyte Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source (CreatedAt): Title
CERT-EU (2 months ago): Encina Wastewater Authority Cyberattack Claimed By BlackByte
CERT-EU (7 months ago): Attacks on web applications spike in third quarter, new Talos IR data shows
CERT-EU (a year ago): BlackByte 2.0 Ransomware Employs Wide Range of Tools in 5 Days
MITRE (6 months ago): An In-Depth Look at Black Basta Ransomware
CERT-EU (a year ago): BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days
CERT-EU (a year ago): Dallas ransomware recovery nearly completed
Checkpoint (a year ago): 10th July – Threat Intelligence Report - Check Point Research
CERT-EU (a year ago): The Top 4 Ransomware Vulnerabilities Putting your Company in Danger - Cybersecurity Insiders
CERT-EU (a year ago): Ransomware gang Clop prepped zero-day MOVEit attacks in 2021
CERT-EU (a year ago): San Francisco 49ers agree to pay out victims of 2022 data breach
CERT-EU (a year ago): Cyclops ransomware's info stealer seeks Windows, Linux system compromise
CERT-EU (a year ago): 8 of the Biggest Ransomware Attacks in Recent History: A Look Back
DARKReading (4 months ago): Kasseika Ransomware Linked to BlackMatter in BYOVD Attack
InfoSecurity-magazine (10 months ago): Cyber-Attacks Targeting Government Agencies Increase 40%
CERT-EU (10 months ago): Akira and BlackByte ransomware group claim attack on Yamaha Music Canada | IT Security News
CERT-EU (a year ago): The five-day job: A BlackByte ransomware intrusion case study – Cyber Security Review
CERT-EU (a year ago): Here’s how cybercriminals bypass EDR – and why security teams need a defense-in-depth approach
CERT-EU (9 months ago): Lapsus$ hackers convicted of breaching GTA 6, Nvidia, more | Digital Trends
CERT-EU (8 months ago): Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
CERT-EU (8 months ago): Microsoft Defender for Endpoint now stops human-operated attacks on its own | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting