{"id":46731,"date":"2022-05-19T15:47:49","date_gmt":"2022-05-19T15:47:49","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33468\/Hot-Glare-Of-The-Spotlight-Doesnt-Slow-BlackByte-Ransomware-Gang.html"},"modified":"2022-05-19T15:47:49","modified_gmt":"2022-05-19T15:47:49","slug":"hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/","title":{"rendered":"Hot Glare Of The Spotlight Doesn&#8217;t Slow BlackByte Ransomware Gang"},"content":{"rendered":"<p>The US government&#8217;s alert three months ago warning businesses and government agencies about the threat of BlackByte has apparently done little to slow down the ransomware group&#8217;s activities.<\/p>\n<p>Since March, the group, and other gangs using its malware, have continued to attack targets around the world, redesigning their website from which they leak data stolen from organizations, and snaring fresh victims, according to analysts at Talos, Cisco Systems&#8217; threat intelligence group.<\/p>\n<p>&#8220;The ransomware group and its affiliates have infected victims all over the world, from North America to Colombia, the Netherlands, China, Mexico and Vietnam,&#8221; the threat hunters noted in a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/blog.talosintelligence.com\/2022\/05\/the-blackbyte-ransomware-group-is.html\">write-up<\/a> Wednesday. &#8220;Talos has been monitoring BlackByte for several months and we can confirm they are still active after the FBI released a joint cybersecurity advisory.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>That <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.ic3.gov\/Media\/News\/2022\/220211.pdf\">joint release<\/a> [PDF] by the FBI and US Secret Service in February noted BlackByte&#8217;s reach was international, and stated that since November 2021, the gang had compromised entities in at least three critical infrastructure sectors \u2013 government facilities, financial, and food and agriculture \u2013 in the United States.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>The Talos researchers reckon BlackByte is one of what they call the &#8220;big game ransomware groups,&#8221; those that target large and high-profile organizations by not only exfiltrating their data but also threatening to publicly leak it on dark-web websites if the marks don&#8217;t pay the demanded ransom. The crew also runs a Tor-hidden .onion auction site where they sell stolen data, according to Unit42, Palo Alto Networks&#8217; threat hunting unit.<\/p>\n<p>BlackByte appeared on the scene last summer and quickly made a name for itself among other well-known groups, such as REvil and Conti, by targeting entities in the United States and Europe in industry sectors like healthcare, energy, financial services, and manufacturing. In February, the group <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2022\/02\/14\/49ers_ransomware_blackbyte\/\" rel=\"noopener\">attacked a network<\/a> of the San Francisco 49ers, encrypting data and leaking some files they claimed were stolen from the American football team.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2022\/03\/25\/ransomware_attack_shutterstock.jpg?x=174&amp;amp;y=115&amp;amp;crop=1\" width=\"174\" height=\"115\" alt=\"ransomware attaack\"><\/p>\n<h2 title=\"Russia-linked crime-as-a-service crew is rich, professional \u2013 and investing in R&amp;amp;D\">Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware<\/h2>\n<p><a href=\"https:\/\/www.theregister.com\/2022\/05\/18\/wizard-spider-ransomware-conti\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>Similar to some crews slinging ransomware like Lockbit 2.0, BlackByte avoids targeting systems that use Russian and other Eastern European languages, according to Unit42,<\/p>\n<p>The group uses its ransomware for its own direct gain, and also makes it available to affiliates via a ransomware-as-a-service (RaaS) model. It ran into a challenge in October when cybersecurity vendor Trustwave released software that allowed BlackByte victims to decrypt their data for free. At the time, Trustwave researchers noted that BlackByte&#8217;s ransomware was more rudimentary than that of other extortionists.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;Unlike other ransomware that may have a unique key in each session, BlackByte uses the same raw key (which it downloads) to encrypt files and it uses a symmetric-key algorithm \u2013 AES,&#8221; Team Trustwave <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.trustwave.com\/en-us\/resources\/blogs\/spiderlabs-blog\/blackbyte-ransomware-pt-1-in-depth-analysis\/\">wrote<\/a>. &#8220;To decrypt a file, one only needs the raw key to be downloaded from the host. As long as the .PNG file it downloaded remains the same, we can use the same key to decrypt the encrypted files.&#8221;<\/p>\n<p>The cybercrooks apparently rebounded, to the point where the FBI and Secret Service in their alert outlined BlackByte&#8217;s techniques and detailed a long list of indicators of compromise (IoC).<\/p>\n<p>In an April <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/unit42.paloaltonetworks.com\/blackbyte-ransomware\/\">blog post<\/a>, Unit42 noted the gang&#8217;s aggressive nature, including a 300 percent quarter-over-quarter increase in the final three months of 2021 in the number of attacks associated with its ransomware.<\/p>\n<blockquote class=\"pullquote\" readability=\"8\">\n<p>Due to the high-profile nature and steady stream of BlackByte attacks identified globally in early 2022, the operators and\/or affiliates behind the service likely will continue to attack and extort organizations<\/p>\n<\/blockquote>\n<p>&#8220;BlackByte ransomware operators have been active since at least July 2021,&#8221; the researchers wrote. &#8220;Due to the high-profile nature and steady stream of BlackByte attacks identified globally in early 2022, the operators and\/or affiliates behind the service likely will continue to attack and extort organizations.&#8221;<\/p>\n<p>The Unit42 report echoes what the Talos researchers are seeing. The gang and its affiliates use phishing emails or a known ProxyShell vulnerability in unpatched Microsoft Exchange Servers \u2013 or flaws in vulnerable versions of SonicWall&#8217;s VPN \u2013 to gain access into a system, according to Talos.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Once in, the bad actors install the AnyDesk remote management software to help them take control of Windows boxes, move laterally through the network, and escalate privileges.<\/p>\n<p>&#8220;BlackByte seems to have a preference for this tool and often uses typical living-off-the-land binaries (LoLBins) besides other publicly available commercial and non-commercial software like &#8220;netscanold&#8217; or &#8216;psexec&#8217;,&#8221; the Talos researchers wrote. &#8220;These tools are also often used by Administrators for legitimate tasks, so it can be difficult to detect them as a malicious threat.&#8221;<\/p>\n<p>Executing the ransomware itself &#8220;is the last step once they are done with lateral movement and make themselves persistent in the network by adding additional admin accounts,&#8221; they wrote.<\/p>\n<p>About 17 hours after the ransomware infection process starts, the compromised systems reboot and the ransomware note lackByteRestore.txt is displayed in Notepad.<\/p>\n<p>BlackByte&#8217;s persistence comes as the ransomware space continues to evolve. Kaspersky earlier this month <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/securelist.com\/new-ransomware-trends-in-2022\/106457\/\">noted<\/a> a few trends in the field, including threat groups looking to become even more adaptable by developing cross-platform ransomware that can run on multiple architectures and operating systems. In addition, the ransomware ecosystem is becoming more industrialized, with ransomware tool kits being continuously improved to make data exfiltration easier and faster, and make rebranding tools simpler.<\/p>\n<p>Gangs also are more likely to take sides in geopolitical conflicts, such as the ongoing invasion of Ukraine by Russia. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33468\/Hot-Glare-Of-The-Spotlight-Doesnt-Slow-BlackByte-Ransomware-Gang.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[8372],"class_list":["post-46731","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-blogs","tag-headlinehackermalwarecybercrimefraudcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hot Glare Of The Spotlight Doesn&#039;t Slow BlackByte Ransomware Gang 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hot Glare Of The Spotlight Doesn&#039;t Slow BlackByte Ransomware Gang 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-19T15:47:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Hot Glare Of The Spotlight Doesn&#8217;t Slow BlackByte Ransomware Gang\",\"datePublished\":\"2022-05-19T15:47:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/\"},\"wordCount\":908,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,hacker,malware,cybercrime,fraud,cryptography\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/\",\"name\":\"Hot Glare Of The Spotlight Doesn't Slow BlackByte Ransomware Gang 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2022-05-19T15:47:49+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,cybercrime,fraud,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwarecybercrimefraudcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Hot Glare Of The Spotlight Doesn&#8217;t Slow BlackByte Ransomware Gang\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hot Glare Of The Spotlight Doesn't Slow BlackByte Ransomware Gang 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/","og_locale":"en_US","og_type":"article","og_title":"Hot Glare Of The Spotlight Doesn't Slow BlackByte Ransomware Gang 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-05-19T15:47:49+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Hot Glare Of The Spotlight Doesn&#8217;t Slow BlackByte Ransomware Gang","datePublished":"2022-05-19T15:47:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/"},"wordCount":908,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","keywords":["headline,hacker,malware,cybercrime,fraud,cryptography"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/","url":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/","name":"Hot Glare Of The Spotlight Doesn't Slow BlackByte Ransomware Gang 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2022-05-19T15:47:49+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/research&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YobKLqip62SjfJofeTQ2cAAAAAk&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/hot-glare-of-the-spotlight-doesnt-slow-blackbyte-ransomware-gang\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,cybercrime,fraud,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwarecybercrimefraudcryptography\/"},{"@type":"ListItem","position":3,"name":"Hot Glare Of The Spotlight Doesn&#8217;t Slow BlackByte Ransomware Gang"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46731"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46731\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}