Cisco: BlackByte Ransomware Only Posts 20% to 30% of Successful Attacks

August 28, 2024 | The BlackByte ransomware gang is revealing only a small portion of its successful attacks, according to Cisco Talos researchers. They estimate that the group posts extortion notices for just 20% to 30% of its breaches.

In 2023, BlackByte listed 41 victims, but it has disclosed only three so far in 2024, which raises questions about its lack of transparency despite increased activity.

BlackByte has been linked to high-profile attacks on local governments and organizations like the San Francisco 49ers. Cisco Talos noted that the group is rapidly evolving, often exploiting newly disclosed vulnerabilities, such as CVE-2024-37085 in VMware ESXi software.

Researchers highlight the flexibility of the Ransomware-as-a-Service (RaaS) model, which allows BlackByte to quickly adapt and counter cybersecurity defenses.
