The BlackByte ransomware group attacked security affairs group Asahi Group Holdings, a precision metal manufacturing and metal solutions provider. | So Good News
The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solutions provider.
Asahi Group Holdings, Ltd. is a precision metal fabrication and metal solutions provider, the company has been serving the precision metals and thin film coatings industries for over 40 years with a team of experts.
The BlackByte ransomware group claims to have stolen gigabytes of documents from Asahi Group Holdings, including financial and sales reports.
The ransomware gang is demanding $500k to buy the data and $600k to delete the stolen data.
BlackByte ransomware activity has been active since September 2021, and in October 2021, researchers from Trustwave’s SpiderLabs released a decryptor that could allow victims of earlier versions of BlackByte ransomware to recover their files for free.
In February The United States Bureau of Investigation (FBI) has revealed that the BlackByte ransomware gang has breached at least three organizations in critical US infrastructure sectors.
In 2021, a bug was found in the function that allowed the creation of a free BlackByte decryptor. Unfortunately, After reporting the vulnerability; Threat actors fixed the bug.
In August 2022, a new version of BlackByte ransomware appeared on the threat scene, and version 2.0 uses extortion techniques similar to LockBit. The gang asked victims to postpone their data breach within 24 hours. They were allowed to download the data for $200,000 or to destroy all data by paying $300,000. Prices are not fixed and may vary depending on the importance of the victim.
In early October, Sophos researchers have warned that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass security products.
Follow me on Twitter: @security issue versus Facebook
(SecurityAffairs – Hacker, Asahi Group Holdings)