BlackByte is a financially motivated ransomware-as-a-service (RaaS) operation that first emerged in July 2021, evolving rapidly from initial C# implementations to more sophisticated variants written in Go, .NET, and C++. The group is assessed with high confidence to be of Russian origin, given its observed avoidance of systems configured with Russian and certain Eastern European languages. BlackByte initially used a simple symmetric encryption key that allowed security researchers to develop a public decryptor, prompting the group to significantly update its encryption methods and implement a more robust BlackByte 2.0. This group distinguishes itself by continually incorporating newly disclosed vulnerabilities into its attack chains and offering unique, flexible extortion options to victims, such as paying to delay data publication or to download and destroy stolen information, beyond the standard double extortion model of data encryption and exfiltration. BlackByte is not known to ope
United Arab Emirates, Anguilla, Argentina, Austria, Australia, Bahrain, Brazil, Botswana, Canada, Switzerland
Target sectors (SOCRadar)
Construction of Buildings, Food Manufacturing, Other Information Services, Monetary Authorities-Central Bank, Rail Transportation, Software Publishers, Real Estate, Hospitals, Enterprises & Holding, Accommodation