BlackByte ransomware group has claimed to have data from three companies. The alleged stolen data has been put up for sale on their leak site and can be accessed without any payment.
In a post titled ‘NEW YEAR SALE’, the group listed CPTM, Hayward, and KansasCityHomes as its victims. Their post, as shown below, seems to have used “new year” as an advertising tool for the alleged cyberattack.
BlackByte Ransomware Group Latest Victims
Hayward Industries Inc. is a commercial company that sells spa equipment and other utilities. It is headquartered in the United States of America. Kansas City homes is a real estate company.
However, the CPTM company could not be distinguished from other companies with the same name, as the ransomware group did not share any further information about the organization.
The ransomware group also published another post that put ARC e-arc.com on its victim list. ARC offers printing services. Contrary to the previous post, this one demanded ransom for the breached data.
This clearly raises suspicion on how the group demands ransom for the data. It can also be interpreted as anger or disappointment in failing to get a ransom from the target company, hence posting it online for free.
The price BlackByte quoted for the sale or deletion of ARC’s data was $350,000. “If you are interested to purchase the data or requesting to remove it, Please connect us through our Email/TOX,” read the post.
The offer to delete the information was understandably made for the victim company. It may suggest that the ransomware attack could not be completed on the systems, likely because of it getting mitigated by the company’s cybersecurity experts.
Earlier, in a tweet, FalconFeedsio said that the LockBit ransomware group also added three victims’ names to their leak page — Politriz, Melody Shipping Agency Co. Ltd., and Fulfilment Matters UK as shown below:
The above leak site post threatened to publish the data with 30th January, 2023 being the deadline for payment. According to the post, published on 16 January, the LockBit group claimed to have 5 GB of encrypted data that was pilfered on 22nd December 2022.
BlackByte and attack methods
BlackByte ransomware has been used in attacks on at least three critical infrastructure sectors in the United States in 2022, according to a joint advisory by the FBI and US Secret Service.
BlackByte is available as a Ransomware-as-a-Service and has been used in attacks against US and foreign businesses in sectors such as government, financial, and food and agriculture. The San Francisco 49ers is among the recent high-profile victims of the ransomware.
Victims have discovered that the attackers exploited a known Microsoft Exchange Server vulnerability to gain initial access, then deployed tools to move laterally on the network and steal and encrypt data.
After an attack, victims typically find a ransom note with instructions to access a website on the Tor network to pay for the decryption key.
“In some instances, BlackByte ransomware actors have only partially encrypted files. In cases where decryption is not possible, some data recovery can occur,” said the joint advisory.