A new form of malware found in a recent IT incident appears to have been inspired by other strains known to reap their operators huge financial rewards — but is likely the work of amateurs.
Dubbed BlackByte and discovered by Trustwave, the Windows-based ransomware is considered “odd” due to some of the design and function decisions made by its creators.
In a set of technical advisories published last week (1,2), the cybersecurity firm says the malware only targets systems that do not use Russian or other ex-USSR languages — a common trend in ransomware believed to be of Russian origin.
BlackByte has also taken advantage of what has become known as double-extortion in this space: not only does the malware encrypt and lock up systems, but victims are then also faced with the threat of confidential information being leaked or sold online.
Modern ransomware operators, including Maze, REvil, Conti, and Babuk, run leak websites on the Dark Web for this purpose. BlackByte, too, has launched a website, but according to the researchers, the threat of data exfiltration and leaks is groundless — as the ransomware does not appear to have this functionality in the first place.
As a result, more victims