Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

BlackByte Unveils New Encryptor and TTPs

August 28, 2024
Reading Time: 2 mins read
in Alerts
BlackByte Unveils New Encryptor and TTPs

The BlackByte ransomware gang, a notable offshoot of Conti’s splinter groups, has unveiled a new iteration of its encryptor along with advanced tactics, techniques, and procedures (TTPs). The latest version of their encryptor features a unique file extension, ‘blackbytent_h,’ which has not been observed in previous reports. This updated encryptor also utilizes an enhanced Bring Your Own Vulnerable Driver (BYOVD) technique, incorporating four vulnerable drivers compared to the two or three used in earlier versions, thereby increasing its effectiveness in compromising systems.

In recent attacks, BlackByte affiliates have demonstrated a notable shift in their tactics. They have begun exploiting CVE-2024-37085, an authentication bypass vulnerability in VMware ESXi, allowing them to encrypt multiple virtual machines simultaneously. Additionally, the ransomware group has adapted its approach by leveraging victims’ authorized remote access mechanisms and valid VPN credentials, rather than relying on traditional remote administration tools like AnyDesk. This new method not only aids in bypassing detection but also minimizes visibility from the organization’s endpoint detection and response (EDR) systems.

For lateral movement within compromised networks, BlackByte has employed Server Message Block (SMB) and Remote Desktop Protocol (RDP), while also misusing NTLM hashes for authentication. The ransomware’s execution routine involves creating a service on the local system, scanning for network shares using Active Directory credentials captured from the victim’s environment, and likely transmitting the ransomware binary over SMB to other networked systems. This technique highlights the group’s adaptability and sophistication in conducting their operations.

BlackByte’s victims primarily include businesses in the manufacturing, construction, and transportation sectors. However, researchers estimate that the true number of affected organizations is significantly higher than the figures publicly available on BlackByte’s data leak site. The discrepancy may arise from factors such as victims paying ransoms before their details are posted or the group selectively publishing victim information. Updated recommendations and indicators of compromise have been shared by Cisco’s researchers to assist defenders in safeguarding against these evolving threats.

Reference:

  • BlackByte Ransomware Gang Debuts New Encryptor and Advanced Tactics
Tags: AnyDeskAugust 2024BlackByteBYOVDContiCyber AlertsCyber Alerts 2024Cyber threatsRansomwaresplinter groupsVPN
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial