Special Security Advisory: FBI and USSS Release Advisory on BlackByte Ransomware
_______________________________
Situation
The Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) have released a joint Cybersecurity Advisory (CSA) identifying indicators of compromise associated with BlackByte ransomware.
Problem
BlackByte is a ransomware-as-a-service group that encrypts files on compromised Windows host systems, including physical and virtual servers.
Implication
Once they are in, threat actors can deploy tools to move laterally across the network and escalate privileges before exfiltrating and encrypting files. This can, in turn, keep you from accessing your critical data, for which the threat actors can demand a ransom.
Mitigation plans
Mitigations are needed, such as:
- Implement regular backups of all data, to be stored as air-gapped, password-protected copies offline.
- Implement network segmentation, such that all machines on your network are not accessible from every other machine.
- Install updates/patch operating systems, software, and firmware as soon as updates are released.
- Install and regularly update antivirus software on all hosts and enable real-time protection.
Resources: