Symantec has just released a report on BlackByte ransomware’s new double extortion capabilities – see here. This comes just months after the FBI released an advisory on the strain following its use to breach three companies in the US’s critical infrastructure.

Following attacks on US critical infrastructure, the FBI released an advisory on BlackByte ransomware in February. But clearly this has done little to deter threat actors. They’ve built on BlackByte’s success with this latest update, which now includes next-generation double extortion capabilities, including a direct upload of exfiltrated data to Mega cloud with hardcoded credentials. This should set alarm bells ringing for organizations. Double extortion tactics make it much harder to say no to ransomware demands because the safety net of ‘restore from backup’ is no longer there to fall back on.
Our research shows that 83% of ransomware attacks now make use of double extortion tactics. Threat actors – who are essentially just developers gone bad – have worked hard to improve their product, and the cybersecurity industry should be responding in kind. Ransomware often evades detection because it runs without a trusted machine identity. So, organizations must be managing machine identities via a control plane to reduce the use of unsigned scripts, increase code signing and restrict the execution of malicious macros. This is vital to a well-rounded ransomware defense.