BlackByte Takes Aim
The San Francisco 49ers NFL team isn’t the only victim of the BlackByte ransomware gang. The gang has compromised entities in at least three U.S. critical infrastructure sectors, according to a joint warning issued by the FBI and the U.S. Secret Service.
As of November 2021, BlackByte ransomware had compromised multiple U.S. and foreign businesses, including entities in at least three U.S. critical infrastructure sectors. Those include government facilities, financial, and food and agriculture.
BlackByte is a ransomware-as-a-service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.
Erich Kron is KnowBe4’s security awareness advocate.
“The critical infrastructure sector has been plagued by ransomware attacks, as the criticality of the systems makes quick recovery vital, which increases the likelihood that the victims will pay the ransom,” he said. “This same criticality also makes law enforcement attention much more likely. However, given the low success rate of law enforcement busts, this is often a chance the groups are willing to take.”
Critical infrastructure and many government entities are especially vulnerable to ransomware attacks as limited budgets, aging equipment and shortages in cybersecurity staffing all pose significant challenges for the defenders of these networks, Kron said.
“These groups must focus on the top attack vectors used in ransomware attacks, usually email phishing and attacks on remote access portals,” he said. “Training the users to spot and report phishing emails and improving the organizational security culture, along with ensuring remote access portals are monitored for brute force attacks and that credentials being used have multifactor authentication (MFA) enabled are some top ways to counter these threats.”