BlackByte ransomware will now stash your data in the cloud

Data exfiltration tool sends all stolen files to the cloud

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

One of the most prominentransomwarevariants around today has become even more deadly with the addition of a new custom tool that stores stolen sensitive data in the cloud.

Cybersecurity researchers from Symantec’s Threat Hunter Team have published a new report onBlackByte, in which it states that at least one ransomware affiliate is using Exbyte to siphon out stolen data.

Exbyte is a custom data exfiltration tool, built in Go for Windows, and once turned on, sends all of the stolen data to a specific folder on the Megacloud storageservice. The folder is password-protected, with the credentials being hardcoded into the tool itself. Before sending the files, though, the tool will check to see if it’s in a sandbox, making it harder for cybersecurity teams to analyze the sample. It also checks to see if there are any antivirus tools running on the compromisedendpointas well.

Rising up

Rising up

This is a telltale sign of BlackByte becoming one of the most prominent players in the ransomware world, especially with the dismantling of Conti and REvil.

“Following the departure of a number of major ransomware operations such as Conti and Sodinokibi [also known as REvil], BlackByte has emerged as one of the ransomware actors to profit from this gap in the market,” Symantec’s report reads.

San Francisco 49ers hit by ransomware attack>This devious malware is able to disable your antivirus>These are the best ID theft protection tools right now

“The fact that actors are now creating custom tools to use in BlackByte attacks suggests that is may be on the way to becoming one of the dominant ransomware threats.”

Exbyte is hardly the only custom data exfiltration tool around. Researchers from Symantec also said they detected a similar tool in November last year, called Exmatter. This one was used, first and foremost, by the BlackMatter ransomware group. It was later adopted by Noberus. Ryuk uses the Ryuk Stealer, while LockBit uses StealBit.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

After Arcane season 1 ended on a stunning cliff hanger, its creators say it was ‘always the plan’ for those characters to die in the season 2 premiere