
A ransomware gang with links to the Conti group has returned with a new campaign like the better-known LockBit gang.
BlackByte version 2.0 ransomware gang, is promoting a new leaks site and claims to have successfully targeted new victims. Threat actors behind the ransomware are also promoting their activities on Twitter Inc., including auctions for stolen data.
BlackByte’s leak site currently had only one victim listed, however. In a twist on traditional ransomware groups, BlackByte is using a multitier ransom and publication strategy.
Victims are being given the opportunity to pay to delay the publishing of their data by 24 hours for $5,000, can download the data for $200,000, or destroy all the data for $300,000.
With any ransomware gang, paying any sum demanded comes with zero guarantees that those behind the attack will deliver on their promises.
A form of ransomware used by BlackByte previously was found to have a worm capability like the Conti ransomware group’s predecessor Ryuk ransomware and also undertakes similar techniques.