Another Ransomware Threat: BlackByte Ransomware as a Service

A brand new exfiltration tool, designed to steal data, has been identified by Symantec. It is operated by a cybercrime group known as Hecamede. This latest threat uses a custom data tool, Infostealer.Exbyte, and is being called BlackByte by the security industry after it was found to have attacked multiple entities within the United States, including three providers responsible for critical infrastructure in this country. It is estimated that the BlackByte ransomware had been operating without detection for some time before being identified in February 2022. While many of the once significant ransomware as a service cybercrime groups have disappeared, this latest data exfiltration tool has profited greatly in their place.

Ransomware as a Service

Currently one of the most frequently used payloads in ransomware attacks, BlackByte ransomware is a critical threat to network data security around the globe. The FBI has issued an alert to make sure that Information Technology (IT) providers and security companies are aware of the threat, particularly to infrastructure services. While Symantec experts say that BlackByte is not any worse than all other ransomware, the fact that it is now the most used approach, alongside Hive, AvosLocker, Noberus, and Quantum, makes it extremely dangerous. There are many written-in protocols that make this ransomware as a service tool difficult to discover, even when an attack is identified.

Written in the Go programming language, BlackByte can detect whether it is running in a sandbox or on a network. If it is inside a network, it uploads files via the Mega.co.nz cloud storage service. If it is inside a sandbox, it will quit running and go dormant, making it a challenge to detect. When on an infected computer, the data exfiltration tool will rename all document files, including .txt, .doc, and .pdf, saving the full path and file name to a dummy folder. Those files are then uploaded to a new folder on Mega.co.nz that is created by the malware with credentials hard-coded into Exbyte. This is similar to Exmatter, another data exfiltration tool discovered by Symantec in November 2021, which was used by BlackMatter in Noberus attacks.
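Because the tool described above sends stolen documents to Mega.co.nz, outbound upload volume to that service is something a defender can watch for. The following is an added example, not code from Symantec or from this article's author: it totals upload bytes per internal host from web proxy logs and flags hosts above a threshold. The log format, sample lines, threshold and function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Domain suffix named in the article; extend the tuple for your environment.
WATCHED_SUFFIXES = ("mega.co.nz",)
UPLOAD_METHODS = {"POST", "PUT"}

# Constructed sample proxy log. Assumed format: time src_ip method host bytes_sent
SAMPLE_LOG = """\
2022-10-21T09:00:01Z 10.0.4.17 POST g.api.mega.co.nz 812
2022-10-21T09:00:03Z 10.0.4.17 POST gfs000.userstorage.mega.co.nz 48000000
2022-10-21T09:00:09Z 10.0.4.17 POST gfs000.userstorage.mega.co.nz 52000000
2022-10-21T09:01:12Z 10.0.7.80 GET mega.co.nz 0
2022-10-21T09:02:40Z 10.0.9.5 POST notmega.co.nz 90000000
2022-10-21T09:03:00Z 10.0.7.80 POST updates.example.com 70000000
malformed line
"""

def host_matches(host, suffixes=WATCHED_SUFFIXES):
    """True for a watched domain or any subdomain of it, not look-alike names."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def parse_line(line):
    """Return (src_ip, method, host, bytes_sent), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    _, src, method, host, sent = parts
    return src, method.upper(), host, int(sent)

def upload_totals(log_text):
    """Sum the bytes each source host uploaded to watched storage domains."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not fit the assumed format
        src, method, host, sent = rec
        if method in UPLOAD_METHODS and host_matches(host):
            totals[src] += sent
    return dict(totals)

def flag_hosts(log_text, threshold_bytes=50_000_000):
    """Sorted source hosts whose total upload volume meets the threshold."""
    return sorted(s for s, b in upload_totals(log_text).items() if b >= threshold_bytes)

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_LOG))
```

Where the cloud storage service has a legitimate business use, tune the threshold and exempt known hosts rather than alerting on every connection.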

How to Protect Network Data Security

New types of ransomware as a service threats are created every day, and BlackByte ransomware is just one of many that could threaten your company data, so it is essential to stay proactive in your approach. Working with a group of highly trained and experienced IT technicians and consultants can ensure that your system is well-protected. Having a business continuity plan, which includes a backup and recovery program that is designed according to your unique needs and is tested regularly, can be even more beneficial. Monitoring and management services that run 24 hours a day, seven days a week can help your business to recover quickly from any type of attack. This is known to assist in the longevity of your organization and the ability of your business to survive these types of threats.

The good news is that programs like BlackByte, while difficult to stop, are in no way impossible to overcome. Synivate offers a wide range of services designed to protect your sensitive company data and increase network data security to safeguard your business. To learn more about the services that we offer, including monitoring and management, business continuity, and network security, give us a call at 617-848-1248. Located in Massachusetts, we provide a variety of comprehensive services, innovative technology solutions, and professional consulting support to many different businesses right here in the Greater Boston area. Contact our team today for a free comprehensive consultation with no pressure, no obligation, just honest and friendly advice. We can answer any questions you might have about our services and discuss the different ways that you can safeguard essential data from ransomware as a service attacks now and in the future.

Synivate Author