• World CyberCon India
Firewall Daily Ransomware

BlackByte Ransomware Gang Returns With Version 2.0

Ransomware gang returns with BlackByte version 2.0. Here’s how the new version aims to extort money and why it should be taken seriously.

BlackByte Ransomware Gang Returns With Version 2.0
  • PublishedAugust 21, 2022

The BlackByte ransomware has resurfaced with a new 2.0 version. The news comes after a data leak website emerged on the hacking forums, borrowing extortion techniques from LockBit. The ransomware had previously built a name in the cybersecurity channels by getting attention from the Federal Bureau of Investigation (FBI) and the US Secret Service (USS). After Conti’s wrath in the US, BlackByte seems to be the new chief ransomware posing as a high-risk security threat.

After its brief disappearance, the ransomware gang is back and is operating via a new data leak site known as BlackByte Blog (the name is not yet confirmed). The hackers behind version 2.0 gang target Twitter users using a new operation called BlackByte version 2.0. However, researchers are still unsure whether the ransomware uses the same encryptor or is changed with the new variant.

BlackByte version 2.0 operates via a new data leak site

Image Credit Unit 42

The ransomware gang is probably testing its capabilities and features with version 2.0 because it has only reached one victim as of August 2022. The team has adopted new extortion strategies with this variation of the ransomware, including increasing extortion based on the target’s financial status. For example, stopping the hackers from publishing the data within the next 24 hours will cost $5,000, ceasing the gang from downloading all the data would cost $200,000, and stopping the data from being destroyed would cost companies $300,000.

The new technologies will undoubtedly pressure companies as they would have only 24 hours to decide, or they will lose the data. However, the prices for these extortions can change depending upon the victim’s revenue models and size. For example, the BlackByte ransomware gang will charge less extortion fees from medium-sized enterprises (SMEs). Whereas bigger, more prominent corporations with higher profiles would be charged more.

The enigma of BlackByte version 2.0 extortion methods

Though the ransomware gang poses to use its new weapon “BlackByte version 2.0” to extort money, the Israel-based threat intelligence firm KELA explains that it cannot do what it says right now. According to a Tweet by KELA, the company explains that the new data leak website cannot correctly embed its wallet address for receiving payments.

While sarcastically stating the flaw in BlackByte’s website, KELA said, “The first rule of a ransomware gang is: if you aim to receive ransom, provide your wallet. It doesn’t look like new #BlackByte is going to receive any payments…”

In short, the website currently offering BlackByte version 2.0 services is not usable because clients who wish to download, purchase or delete particular data cannot complete the transaction, making the new extortion method useless as of August 2022.

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.


  • […] ransomware gang Ragnar Locker took responsibility for the recent cyberattack on Portugal’s national airline […]

  • […] investigation of the football team, 49ers, with regards to the data theft that took place after the BlackByte ransomware gang stole information from its corporate IT network. The cybercrime impacted the records of 20,930 […]

  • […] it demanded hundreds of thousands of dollars from its victims. According to sources, the Lorenz ransomware gang is actively selling stolen data from enterprises. It pressures the victims to pay the ransom with […]

Comments are closed.