"BlackByte Ransomware Decryptor Released"

The Windows-based ransomware dubbed BlackByte, discovered by researchers at the cybersecurity firm Trustwave, seems to have been inspired by other strains known to bring in significant financial rewards for their operators. BlackByte is described as odd because of the design and functionality decisions made by its creators. According to a set of technical advisories recently published by Trustwave, the ransomware only targets systems that are not based on Russian or ex-USSR (Union of Soviet Socialist Republics) languages. BlackByte also employs the double-extortion tactic: it not only encrypts and locks systems, but also threatens to steal or sell stolen data in an effort to force victims to pay the demanded ransom. Like other modern ransomware operators, including Maze, REvil, Conti, and Babuk, BlackByte has launched a leak website. However, the researchers say BlackByte's threat of data exfiltration and leaks is baseless since the ransomware does not appear to have that capability. Despite the BlackByte ransomware having no exfiltration functionality, the threat will still push more victims to pay after their systems have been infected. The ransomware's encryption process also suggests that it is likely operated by less-skilled threat actors, since the malware downloads and uses the same key to encrypt files with the Advanced Encryption Standard (AES) instead of unique keys for each session. A free decryptor for BlackByte ransomware has been made available by Trustwave on GitHub. This article continues to discuss BlackByte's targets, double-extortion tactic, encryption process, and other capabilities, as well as the decryptor released for the ransomware.

ZDNet reports "BlackByte Ransomware Decryptor Released"
