
20K Users' Data was Stolen by Blackbyte Ransomware Group

Following a ransomware attack that hit its network earlier this year, the NFL's San Francisco 49ers are sending notification letters to all affected individuals, disclosing a data breach that impacts more than 20,000 people.

The BlackByte ransomware group targeted the team's network a week before Super Bowl Sunday, prompting speculation about how much worse the timing would have been had the club held its late-game lead two weeks earlier and advanced to the championship game.

Personal information belonging to 20,930 people was accessed and taken during the hack between February 6 and February 11, 2022, according to the San Francisco Bay Area professional American football team.

On Monday, the organization announced that its investigation had been updated and that the theft had taken place over six days. It also stated that it has begun sending notification letters to people whose data may have been exposed. The team said that it "conducted a thorough assessment of these data to discover the individuals whose data was stored within, and additional research to locate and validate the addresses for these people."

A total of 20,930 names and associated Social Security numbers were taken during the incident, the team further stated in its notification to the Maine Attorney General's Office, to which data breaches are reported as required by state law.

To claim credit for the hack, the BlackByte gang began leaking files purportedly taken from the 49ers' network on February 12, just as the NFL was preparing for Super Bowl 2022.

The ransomware group released a 292 MB archive of files it claimed were invoices taken from the 49ers' compromised systems.

According to researchers, the group first surfaced in September 2021 with ransomware that was poorly coded. A flaw was uncovered in it, and the cybersecurity company Trustwave used that flaw to produce a free decryptor.

However, the group went on to carry out many more attacks after releasing a second version of the ransomware that fixed the flaw Trustwave had found. Only one day after the 49ers attack became widely known, the FBI issued a security advisory about BlackByte.

BlackByte Ransomware is Back With New Version


New Variant 

The BlackByte ransomware operation has returned as version 2.0, complete with a new data leak website that borrows extortion techniques from LockBit. After going quiet for a while, the gang is now promoting the new leak site on hacking forums and through Twitter accounts it controls.

The hackers call this relaunch BlackByte version 2.0. It is currently unclear whether the ransomware encryptor itself has changed, but the group has launched a brand new Tor data leak website.

The leak site currently lists only one victim, but it introduces new extortion options: the victim can pay to delay publication of their data by one day ($5,000), anyone can pay to download the data ($200,000), or the victim can pay to have all of the data deleted ($300,000). The prices will likely vary depending on the size and revenue of the victim.

However, according to cyber intelligence firm KELA, BlackByte's new leak site does not correctly embed the Monero and Bitcoin addresses that buyers would use to purchase or delete the data, so these features are not yet fully working.

The aim of these new extortion options is to pressure the victim into paying to delete all of their data, while letting other threat actors buy it if they want. LockBit introduced the same options with the launch of its 3.0 version, and they are viewed more as a bluff than as a viable extortion technique.

What is BlackByte 

The BlackByte ransomware operation emerged last year, when the attackers began compromising corporate networks to steal data and encrypt devices.

Their highest-profile attack was against the NFL's 49ers, but a joint advisory from the Secret Service and the FBI said they were also behind attacks on critical infrastructure sectors, including financial institutions, government facilities, and the agriculture and food industries.

The gang is known for breaching networks by exploiting vulnerabilities, and has previously compromised Microsoft Exchange servers using the ProxyShell attack chain.

Last year, a vulnerability found in the ransomware allowed a free BlackByte decryptor to be created. Unfortunately, once the flaw became known, the hackers patched it.