The US Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.
This was disclosed in a TLP:WHITE joint cybersecurity advisory released Friday in coordination with the US Secret Service.
“As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture),” the federal law enforcement agency said [PDF].
“BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.”
The advisory focuses on providing indicators of compromise (IOCs) that organizations can use to detect and defend against BlackByte’s attacks.
The IOCs associated with BlackByte activity shared in the advisory include MD5 hashes of suspicious ASPX files discovered on compromised Microsoft Internet Information Services (IIS) servers and a list of commands the ransomware operators used during attacks.
The 49ers ransomware attack
In related news, the NFL’s San Francisco 49ers team revealed over the weekend that it is recovering from a BlackByte ransomware attack.
The threat actors claimed the attack, saying that they also stole data from the football org’s servers during the incident and leaked almost 300MB worth of files on their data leak blog.
The 49ers confirmed the ransomware attack in a statement to BleepingComputer and said it only caused a temporary disruption to parts of its IT network.
The BlackByte ransomware operation has been active since at least July 2021, when it started targeting corporate victims worldwide.
This gang is known for exploiting software vulnerabilities (including Microsoft Exchange Server) to gain initial access to their enterprise targets’ network, illustrating that keeping your servers updated will most likely block their attacks.
In October, cybersecurity firm Trustwave created and released a free BlackByte decryptor, enabling some victims to restore their files for free after the ransomware gang used the same decryption/encryption key in multiple attacks.
The two agencies also shared a list of measures that can help admins mitigate BlackByte attacks:
- Implement regular backups of all data to be stored as air gapped, password protected copies offline. Ensure these copies are not accessible for modification or deletion from any system where the original data resides.
- Implement network segmentation, such that all machines on your network are not accessible from every other machine.
- Install and regularly update antivirus software on all hosts, and enable real time detection.
- Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.
- Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts.
- Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Do not give all users administrative privileges.
- Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs for any unusual activity.
- Consider adding an email banner to emails received from outside your organization.
- Disable hyperlinks in received emails.
- Use double authentication when logging into accounts or services.
- Ensure routine auditing is conducted for all accounts.
- Ensure all the identified IOCs are input into the network SIEM for continuous monitoring and alerts.
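As an added example (not code from the article or the advisory), the following Python check hashes every .aspx file under an IIS web root and flags those whose MD5 matches an IOC list, which is the kind of sweep the advisory's ASPX hashes are meant for. The IOC set is a placeholder because the advisory's hashes are not reproduced here, and the web root it scans is a constructed sample.

```python
import hashlib
import tempfile
from pathlib import Path

# Placeholder only: the advisory's real MD5 values are not reproduced in the
# article, so copy them from the FBI/USSS PDF into this set before real use.
BLACKBYTE_ASPX_MD5 = {"PLACEHOLDER_MD5_FROM_ADVISORY"}


def md5_of_file(path: Path) -> str:
    """Stream-hash a file; usedforsecurity=False since this is IOC matching, not crypto."""
    h = hashlib.md5(usedforsecurity=False)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_webroot(root: Path, ioc_md5: set[str]) -> list[dict]:
    """Hash every .aspx under an IIS web root and flag files whose MD5 is in the IOC set.
    Every ASPX file is reported with its mtime so an analyst can also spot
    recently dropped pages whose hash is not yet on any list."""
    findings = []
    for path in sorted(root.rglob("*.aspx")):
        if not path.is_file():
            continue
        digest = md5_of_file(path)
        findings.append({
            "path": str(path.relative_to(root)),
            "md5": digest,
            "mtime": path.stat().st_mtime,
            "ioc_match": digest in ioc_md5,
        })
    return findings


def run_demo() -> list[dict]:
    """Constructed sample web root (not real data): one benign page, one 'known-bad' page."""
    root = Path(tempfile.mkdtemp(prefix="iis_demo_"))
    (root / "Default.aspx").write_bytes(b'<%@ Page Language="C#" %><html>ok</html>')
    (root / "uploads").mkdir()
    bad = root / "uploads" / "upload.aspx"
    bad.write_bytes(b"CONSTRUCTED SAMPLE CONTENT, NOT A REAL FILE")
    # Treat the constructed file's hash as if it were on the advisory's list.
    return scan_webroot(root, BLACKBYTE_ASPX_MD5 | {md5_of_file(bad)})


if __name__ == "__main__":
    for f in run_demo():
        print(("MATCH " if f["ioc_match"] else "      ") + f["path"], f["md5"])
```

Point it at the real web root (for example the site's physical path under inetpub) with the advisory's hashes loaded, and feed matches to the SIEM as the last mitigation item recommends.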