Recent intrusions by BlackByte 2.0 ransomware have been completed within a span of only five days, The Hacker News reports.
The threat actors combined a range of tools and techniques to compress the attack timeline, starting with the exploitation of unpatched, internet-facing Microsoft Exchange Servers to gain initial access to the network, according to a report from Microsoft's Incident Response team.
Once inside, the operators plant web shells on the compromised Exchange servers for remote access and persistence, hide their activity through process hollowing and antivirus evasion, and only then deploy the encryptor.
Attackers were also observed using Cobalt Strike beacons for command and control, relying on "living-off-the-land" tools, and tampering with volume shadow copies to hinder recovery, before planting backdoors to keep access to the environment.
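Shadow-copy tampering is one of the few steps in this chain that leaves a distinctive command line, so it is a practical detection point. The following is an added example (not code from the Microsoft report or from SC Media) that runs a small rule set over constructed Windows process-creation records shaped like Security event 4688 / Sysmon Event ID 1; the rule names, the `ProcessEvent` structure and the sample events are assumptions made for the illustration, and the normalisation step only undoes simple quoting and caret obfuscation.

```python
"""Flag volume-shadow-copy tampering in Windows process-creation logs.

Added illustration; the sample events below are constructed, not taken from
any real incident or from the Microsoft Incident Response report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal subset of the fields a 4688 / Sysmon EID 1 record carries (assumed shape)."""
    host: str
    parent_image: str
    image: str
    command_line: str


# Rule name -> regex, matched case-insensitively against the normalised command line.
# These cover the common ways ransomware inhibits recovery (MITRE ATT&CK T1490).
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("vssadmin_resize_storage", re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("powershell_win32_shadowcopy", re.compile(r"win32_shadowcopy.*\b(delete|remove)\b", re.I)),
    ("wbadmin_delete_catalog", re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I)),
    ("bcdedit_disable_recovery", re.compile(
        r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
]


def normalise(cmd: str) -> str:
    """Strip quotes and cmd.exe caret escapes (vs^sadmin) that defeat naive substring
    matches, then collapse runs of whitespace. Deliberately simple: it does not
    handle encoded PowerShell or environment-variable tricks."""
    cmd = cmd.replace('"', "").replace("^", "")
    return re.sub(r"\s+", " ", cmd).strip()


def classify(event: ProcessEvent) -> list[str]:
    """Return the names of every rule the event's command line matches."""
    cmd = normalise(event.command_line)
    return [name for name, rx in RULES if rx.search(cmd)]


def detect(events: list[ProcessEvent]) -> list[dict]:
    """Run every rule over every event and return one alert per matching event."""
    alerts = []
    for ev in events:
        hits = classify(ev)
        if hits:
            alerts.append({
                "host": ev.host,
                "parent": ev.parent_image,
                "image": ev.image,
                "rules": hits,
                "command_line": ev.command_line,
            })
    return alerts


# Constructed sample records: two benign, seven that a ransomware operator might run.
SAMPLE_EVENTS = [
    ProcessEvent("WS01", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe list shadows"),
    ProcessEvent("WS01", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe delete shadows /all /quiet"),
    ProcessEvent("SRV02", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\wbem\WMIC.exe",
                 "wmic.exe shadowcopy delete"),
    ProcessEvent("SRV02", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\cmd.exe",
                 '"C:\\Windows\\System32\\cmd.exe" /c vss^admin.exe  delete   shadows /all /quiet'),
    ProcessEvent("SRV03", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\bcdedit.exe",
                 "bcdedit.exe /set {default} recoveryenabled No"),
    ProcessEvent("SRV03", r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 'powershell.exe -c "Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete();}"'),
    ProcessEvent("SRV04", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\wbadmin.exe",
                 "wbadmin.exe delete catalog -quiet"),
    ProcessEvent("SRV04", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe resize shadowstorage /for=C: /on=C: /maxsize=401MB"),
    ProcessEvent("WS05", r"C:\Windows\System32\services.exe", r"C:\Windows\System32\svchost.exe",
                 "svchost.exe -k netsvcs"),
]


def run_sample() -> list[dict]:
    """Convenience entry point: alerts produced by the constructed sample set."""
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert['host']}: {', '.join(alert['rules'])}  <-  {alert['command_line']}")
```

In a real deployment the benign `vssadmin list shadows` and legitimate `resize shadowstorage` runs from backup software will show up as well, so the parent process and the account that launched the command (both present in 4688 and Sysmon records) are the natural fields to use for tuning rather than loosening the regexes.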
Microsoft's guidance in response is to tighten patch management so that security updates, above all for internet-facing Exchange servers, are applied promptly, and to enable tamper protection so that attackers cannot switch off or reconfigure endpoint security tooling once they are inside.
BlackByte ransomware hastens attacks