BlackByte, the ransomware-as-a-service gang believed to be one of Conti’s splinter groups, has (once again) created a new iteration of its encryptor. “Talos observed some differences in the recent BlackByte attacks. Most notably, encrypted files across all victims were rewritten with the file extension ‘blackbytent_h’, which has not yet appeared in public reporting,” researchers with Cisco’s threat intelligence team have shared. “This newer version of the encryptor also drops four vulnerable drivers as part of …

The post BlackByte affiliates use new encryptor and new TTPs appeared first on Help Net Security.