"BlackByte Ransomware Gang Is Back with New Extortion Tactics"

The BlackByte ransomware has returned with version 2.0 of their operation, which includes a new data leak site and new extortion techniques adapted from LockBit. Following a brief hiatus, the ransomware operation is now promoting a new data leak site on hacker forums and through Twitter accounts controlled by the threat actor. It is unclear if the ransomware encryptor has changed too. The data leak site currently has only one victim, but it now has new extortion strategies that allow victims to pay to extend the publication of their data by 24 hours ($5,000), download the data ($200,000), or destroy all of the data ($300,000). These prices will most likely vary depending on the victim's size/revenue. However, as the cybersecurity intelligence firm KELA pointed out, BlackByte's new data leak site does not correctly embed the Bitcoin and Monero addresses that "customers" can use to purchase or delete the data, rendering these new features inoperable. These new extortion techniques aim to allow the victim to pay to have their data removed while also allowing other threat actors to purchase it if they so desire. These same extortion tactics were introduced by LockBit with the release of their 3.0 version and are seen as a gimmick rather than viable extortion tactics. This article continues to discuss changes made to the BlackByte ransomware operation. 

Bleeping Computer reports "BlackByte Ransomware Gang Is Back with New Extortion Tactics"