BlackByte Ransomware

A ransomware threat named BlackByte has been detected by cybersecurity researchers. The malware aims to infect users' computers and then lock the files stored there with an uncrackable encryption algorithm. Afterward, the hackers aim to extort their victims for money in exchange for the specific decryption key and the software tool that could potentially restore the data.

As part of its threatening functionality, the BlackByte Ransomware also modifies the original names of the locked files by appending '.blackbyte' as a new extension. The threat leaves a ransom note with instructions inside a file named 'BlackByte_restoremyfiles.hta'.
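The two file-system indicators named above (the appended '.blackbyte' extension and the 'BlackByte_restoremyfiles.hta' note) can be swept for during triage. The following is an added example, not code from the original page; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators stated in the write-up above
ENCRYPTED_EXT = ".blackbyte"
RANSOM_NOTE = "blackbyte_restoremyfiles.hta"  # compared lower-cased


def triage(root):
    """Return (ransom note paths, {directory: count of renamed files})."""
    notes, per_dir = [], Counter()
    # onerror: skip unreadable directories instead of aborting the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()  # Windows matches file names case-insensitively
            if lower == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
    return sorted(notes), dict(per_dir)


def original_name(filename):
    """Name before the extension was appended (for matching against backups)."""
    if filename.lower().endswith(ENCRYPTED_EXT):
        return filename[: -len(ENCRYPTED_EXT)]
    return filename


def build_sample_tree(root):
    """Constructed sample data: one affected directory, one clean one."""
    layout = {
        "finance": ["q3.xlsx.blackbyte", "ledger.db.BLACKBYTE",
                    "BlackByte_restoremyfiles.hta"],
        "public": ["readme.txt", "blackbyte-advisory.pdf"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        notes, counts = triage(tmp)
        print("ransom notes:", notes)
        for directory, n in counts.items():
            print(f"{n} renamed file(s) in {directory}")
```

The per-directory counts show which shares were reached, and original_name() gives the pre-encryption file name to look up in backups.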

Ransom Note's Overview

According to the instructions, the criminals behind the BlackByte Ransomware give their victims 3 days to pay the demanded ransom. After that time, the files and information collected from the compromised systems will be posted on a dedicated auction site. The website is hosted on the TOR network.

BlackByte victims are allowed to send 2 encrypted files that will be unlocked and returned for free. However, the files must meet two requirements: they should not contain any important information and must not exceed 3MB. The email address of the attackers is 'blackbyte1@onionmail.org'.

The full text of the note is:

'BlackByte: "Hello!"
Your network has been hacked

Your documents, and databases encrypted
To decrypt your files, you need to purchase our decryptor.
To decrypt files, follow the instructions below.

1) Email us: blackbyte1@onionmail.org
2) Your domain should be in the email header
3) The body of the letter should contain the key given to you in the note.
4) If you do not write to us within the next 3 days, your details will be posted on our auction.
5) To prove that we can decrypt files, we can decrypt 2 files for free, it should be no more than 3 MB and should not contain important information.
6) Don't use 3rd party software to try decrypt your files, you can cause damage and even we won't be able to restore them.

Our auction is available here:
-.onion , for access use Tor Browser

Your key
I Hide the Key for Security Reason.
'
