The FBI has issued a warning that a ransomware group called “BlackByte” has successfully attacked US and foreign entities, including government facilities, financial services, and food & agriculture infrastructure.
“The BlackByte executable leaves a ransom note in all directories where encryption occurs,” indicated the joint cybersecurity advisory issued by the FBI and the US Secret Service. “The ransom note includes the .onion site that contains instructions for paying the ransom and receiving a decryption key.”
Recommended mitigations include keeping regular offline backup copies of data, segmenting networks to limit the interconnectivity of machines, and using two-factor authentication when logging into accounts and services, among others.
In the past, ransomware has led at least one US county to pay a $132,000 ransom to restore its systems after they were infected with the Ryuk virus. In the private sector, the most publicized case concerned the Colonial Pipeline, the largest pipeline infrastructure in the US, which suffered a ransomware attack in 2020 costing the owners $5 million in ransom.