By Jon Munshaw.
Welcome to this week’s edition of the Threat Source newsletter.
Given the recent tragedies in the U.S., I don’t feel it’s appropriate to open by being nostalgic or trying to be witty — let’s just stick to some security news this week.
The one big thing
The BlackByte ransomware group uses its software for its own goals and as a ransomware-as-a-service offering to other criminals. This actor and its affiliates have infected victims all over the world, from North America to Colombia, the Netherlands, China, Mexico and Vietnam. BlackByte updated its leak site with a new design and new victims and is still actively exploiting victims worldwide.
Why do I care?
Talos has been monitoring BlackByte for several months and we can confirm they are still active after the FBI released a joint cybersecurity advisory in February 2022. Additionally, BlackByte is considered one of the big game ransomware groups, which target large, high-profile organizations, look to exfiltrate internal data and threaten to publicly release it. Like similar groups, they have their own leak site on the darknet.
So now what?
It’s more important now than ever to have a multi-layered security architecture to detect these types of