The FBI has recently announced a breach, caused by the BlackByte ransomware, impacting several organizations in US critical infrastructure sectors. The breach has extended over the last three months, and at least 3 organizations were impacted.
BlackByte Ransomware Targeting US Organizations
On Friday, the US Federal Bureau of Investigation, in collaboration with the US Secret Service, released a TLP:WHITE joint advisory with details about BlackByte ransomware and its impact.
This joint Cybersecurity Advisory was developed by the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture). BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.
The advisory also lists IOCs (Indicators of Compromise) that would help companies identify and mitigate cyberattacks that employ this type of ransomware. The IOCs include MD5 hashes of ASPX files that were identified on compromised Microsoft Internet Information Services (IIS) servers as well as different commands run