Harrison Van Riper, senior intelligence analyst at Red Canary, said that the tactics in the FBI’s advisory are consistent with what Red Canary has observed from BlackByte operators, which “use tried and true tactics.”
“Like most ransomware operators, the techniques BlackByte uses are not particularly sophisticated, but that doesn’t mean they aren’t impactful,” said Van Riper. “The operation we observed relied on known techniques for initial access, such as the ProxyShell exploitation, and common network reconnaissance commands.”
Brett Callow, threat analyst with Emsisoft, said that BlackByte emerged in the middle of last year and has been “slowly but steadily” amassing victims ever since. These victims have reportedly included organizations like the Iowa-based Farmers Cooperative Elevator Co., and, more recently, the San Francisco 49ers NFL team.
“Like multiple other ransomware families, it’s coded not to encrypt systems that use Russian or CIS languages but – and I want to stress this – that does not mean the attack came from Russia or the CIS,” said Callow.
The alert comes days after national security authorities in the United States, UK, and Australia released a warning that ransomware groups are continuing to shift their tactics to stay ahead of defenses. That warning revealed that 14 out of the 16 designated critical infrastructure sectors in the U.S. were targeted by attacks in 2021, but noted that in the second half of the year, ransomware groups shifted away from larger organizations in favor of smaller targets in the U.S.

In its BlackByte advisory, the FBI said organizations can protect themselves by implementing regular data backups that should be stored as air-gapped, password-protected copies offline. Organizations should also “ensure these copies are not accessible for modification or deletion from any system where the original data resides,” said the FBI. Other mitigation measures include implementing network segmentation, installing antivirus software and regularly applying patches and software updates.
Van Riper noted that the most important takeaway for companies is “to have a plan in place.”
“In the middle of a ransomware attack is the worst time to realize you don’t have a playbook for how to handle the situation,” said Van Riper. “Companies should heed the warnings from the FBI and USSS, but remain calm and ensure they have appropriate defense-in-depth as well as an incident response playbook.”