atlantahas.blogg.se - Pestudio the file opts for cookies on the stack

This new variant introduced many additional features and updated the file encryption algorithms. A more recent Go-based variant was introduced around February 2022. The first variant was seen in-the-wild around September 2021 and shares many similarities with the C# version including the commands executed to perform lateral propagation, privilege escalation, and file encryption algorithms. ThreatLabz has identified two variants of the Go-based variant of BlackByte. In this post, Zscaler ThreatLabz analyzes two variants of the Go-based implementation of BlackByte ransomware. The BlackByte Go variant was used in attacks described in an FBI advisory that warned BlackByte had compromised numerous businesses, including entities in US critical infrastructure sectors. More recently, the authors redeveloped the ransomware using the Go programming language. Previous versions of the ransomware were written in C#.

More recent BlackByte versions use Curve25519 Elliptic Curve Cryptography (ECC) for asymmetric encryption and ChaCha20 for symmetric file encryptionīlackByte is a Ransomware-as-a-Service (RaaS) group that has been targeting corporations worldwide since July 2021.

In early versions of the ransomware, file encryption utilized a hardcoded 1,024-bit RSA public key along with a 128-bit AES key that was derived from a file retrieved from a command and control server.

BlackByte ransomware employs various anti-analysis techniques including a multitude of dynamic string obfuscation algorithms.

The group has demanded multi-million dollar ransoms from some victims.

The threat group exfiltrates data prior to deploying ransomware and leaks the stolen information if a ransom is not paid.The ransomware was originally written in C# and later redeveloped in the Go programming language around September 2021.

BlackByte is a full-featured ransomware family that first emerged around July 2021.