A new form of malware called BlackByte has been discovered in a recent IT incident. The malware appears to have been inspired by other strains and is likely the work of amateurs, according to security researchers at Trustwave. The ransomware is reportedly odd because of some design and functional choices made by its creators. Trustwave posted a series of technical advisories last week in which they stated that the malware only targets systems that are not based on Russian or ex-USSR languages, a common trend in ransomware of Russian origin.
BlackByte has also launched some double extortion attacks, in which malware encrypts and locks up systems and victims are threatened with having confidential data exposed to the public online. Many ransomware operators run leak websites for double extortion attacks. According to researchers, BlackByte has launched a website; however, the threat of data exfiltration and leaks is baseless, as the ransomware reportedly does not possess this functionality. BlackByte’s encryption process also reveals the skill level of the threat actors behind the ransomware: it downloads and uses the same key to encrypt files with AES rather than a unique key for each session. As a result, a decryption key has been made available.
Read More: BlackByte ransomware decryptor released