Recent findings from Cisco's threat intelligence team, Talos, indicate that the BlackByte ransomware gang is disclosing only a fraction of its successful attacks on its data leak site this year. Despite the group's extensive activity, Talos researchers estimate that it publicizes only about 20% to 30% of its successful breaches.
In 2023, BlackByte listed 41 victims on the site, but in 2024 only three have been posted so far. The discrepancy raises questions about the gang's strategy and its motives for withholding victims from the leak site; one practical consequence is that leak-site counts are an unreliable floor for the group's actual activity. BlackByte has been linked to attacks on local governments, including Newburgh, New York, and Augusta, Georgia, as well as on major organizations such as the San Francisco 49ers and Yamaha.
Cisco Talos researchers have observed that BlackByte evolves rapidly and is often among the first groups to exploit newly disclosed vulnerabilities. One example is CVE-2024-37085, an authentication-bypass flaw in VMware ESXi's Active Directory integration, which the group began exploiting shortly after Microsoft disclosed it and its in-the-wild abuse. The speed of that adoption underscores the gang's ability to fold new tactics, techniques, and procedures into its operations within days of their becoming public, which leaves defenders a correspondingly short patch window.
BlackByte, believed to be an offshoot of the now-defunct Conti operation, emerged in late 2021 and has a history of exploiting vulnerabilities in public-facing applications for initial access. The flexibility of its ransomware-as-a-service (RaaS) model allows the group to continually refine and update its tooling to evade new defenses.
Critical Start cyberthreat researcher Callie Guenther highlighted the significance of BlackByte's focus on CVE-2024-37085, which affects VMware ESXi hypervisors. Hypervisors are central to enterprise IT infrastructure, allowing a single physical server to run many virtual machines, so compromising one host can expose every workload on it. By targeting such systems, BlackByte shows a clear understanding of where a single intrusion yields the greatest leverage.
Guenther emphasized that BlackByte's adoption of this vulnerability reflects a deliberate focus on systems whose disruption is most likely to produce substantial ransom payouts, further establishing the group as a formidable threat.
