Cyberattackers are using BlackByte, a ransomware-as-a-service group, to target critical infrastructure in the United States, including government facilities, financial institutions, and the agriculture industry, according to a recent advisory from the FBI and Secret Service.
The BlackByte group had dropped out of sight for a few weeks, but as of November, its ransomware had compromised many U.S. and foreign businesses, said the advisory
, released on Feb. 11. In some cases, attackers have used a known Microsoft Exchange Server vulnerability to access victims’ networks, the advisory said.
Shortly after the advisory was released, there were reports of BlackByte being used to attack the San Francisco 49ers. The football team said then it was investigating the attack.
Ransomware-as-a-service providers typically offer a subscription-based model allowing other attackers or affiliates to use their available ransomware tools. In many cases, the provider and the attacker share ransom payments.