The BlackByte ransomware has resurfaced with a new 2.0 version. The news comes after a data leak website emerged on the hacking forums, borrowing extortion techniques from LockBit. The ransomware had previously made a name for itself in cybersecurity circles by drawing attention from the Federal Bureau of Investigation (FBI) and the US Secret Service (USS). After Conti’s wrath in the US, BlackByte seems to be the new chief ransomware posing a high-risk security threat.
After its brief disappearance, the ransomware gang is back and is operating via a new data leak site known as BlackByte Blog (the name is not yet confirmed). The hackers behind the gang target Twitter users using a new operation called BlackByte version 2.0. However, researchers are still unsure whether the ransomware uses the same encryptor or whether it has changed with the new variant.
BlackByte version 2.0 operates via a new data leak site
The ransomware gang is probably testing its capabilities and features with version 2.0, because it has only reached one victim as of August 2022. The team has adopted new extortion strategies with this variation of the ransomware, including increasing extortion based on the target’s financial status. For example, stopping the hackers from publishing the data within the next 24 hours will cost $5,000, stopping the gang from downloading all the data would cost $200,000, and stopping the data from being destroyed would cost companies $300,000.
The new techniques will undoubtedly pressure companies, as they would have only 24 hours to decide or they will lose the data. However, the prices for these extortions can change depending on the victim’s revenue model and size. For example, the BlackByte ransomware gang will charge lower extortion fees to medium-sized enterprises (SMEs), whereas bigger, more prominent corporations with higher profiles would be charged more.
The enigma of BlackByte version 2.0 extortion methods
— KELA (@Intel_by_KELA) August 17, 2022
Though the ransomware gang purports to use its new weapon, “BlackByte version 2.0”, to extort money, the Israel-based threat intelligence firm KELA explains that it cannot do what it says right now. In a tweet, KELA explains that the new data leak website cannot correctly embed its wallet address for receiving payments.
Sarcastically pointing out the flaw in BlackByte’s website, KELA said, “The first rule of a ransomware gang is: if you aim to receive ransom, provide your wallet. It doesn’t look like new #BlackByte is going to receive any payments…”
In short, the website currently offering BlackByte version 2.0 services is not usable because clients who wish to download, purchase or delete particular data cannot complete the transaction, making the new extortion method useless as of August 2022.