AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackByte ransomware, a strain operated under the Ransomware-as-a-Service (RaaS) model that emerged in July 2021. Since its emergence, BlackByte has targeted organizations worldwide, including entities within U.S. critical infrastructure sectors such as Government, Financial Services, Manufacturing, and Energy. The post Emulating the Mutative BlackByte Ransomware appeared first on AttackIQ.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

BlackByte is a Ransomware-as-a-Service (RaaS) strain that emerged in July 2021, believed to be an offshoot of the Conti operation. It targets critical infrastructure sectors including Government, Financial Services, Manufacturing, and Energy. AttackIQ has released an attack graph emulating BlackByte's TTPs, covering execution and defense evasion (disabling Windows Defender, modifying registry keys, disabling firewall profiles) and discovery/impact stages (ARP reconnaissance, Volume Shadow Copy deletion, AES-128/RSA-1024 file encryption). The emulation maps to MITRE ATT&CK techniques including T1053.005, T1562.001, T1562.004, T1490, and T1486, enabling security teams to continuously validate detection and prevention controls against this threat.

Emulating the Mutative BlackByte Ransomware

[Malware Emulation] BlackByte Ransomware – 2024-08 – Associated Tactics, Techniques and Procedures (TTPs)