

Previous versions of the ransomware were written in C#. More recently, the authors redeveloped the ransomware using the Go programming language. The BlackByte Go variant was used in attacks described in an FBI advisory that warned BlackByte had compromised numerous businesses, including entities in US critical infrastructure sectors. In this post, Zscaler ThreatLabz analyzes two variants of the Go-based implementation of BlackByte ransomware. ThreatLabz has identified two variants of the Go-based variant of BlackByte. The first variant was seen in-the-wild around September 2021 and shares many similarities with the C# version including the commands executed to perform lateral propagation, privilege escalation, and file encryption algorithms. A more recent Go-based variant was introduced around February 2022. This new variant introduced many additional features and updated the file encryption algorithms.

The group has demanded multi-million dollar ransoms from some victims.
The threat group exfiltrates data prior to deploying ransomware and leaks the stolen information if a ransom is not paid. The ransomware was originally written in C# and later redeveloped in the Go programming language around September 2021.

BlackByte is a full-featured ransomware family that first emerged around July 2021.
