FBI-USSS: Indicators of Compromise Associated with BlackByte Ransomware

The FBI and the U.S. Secret Service have published a TLP:WHITE Joint Cybersecurity Advisory providing indicators of compromise and other information concerning BlackByte ransomware. The advisory notes that since November 2021, multiple U.S. and foreign organizations have been compromised by BlackByte, including in at least three U.S. critical infrastructure sectors. BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows hosts systems.

The advisory includes further technical details regarding this activity and lists recommended mitigations. Organizations can access CISA’s free cyber hygiene services to help critical infrastructure organizations assess, identify, and reduce their exposure to threats, including ransomware. It also encourages partners to report suspicious or criminal activity to their local FBI field office or their local U.S. Secret Service field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov. Access the full advisory below.