The BlackByte malware now stores your data on the cloud

Published December 8, 2022
Author: Ash Khan

All stolen files are sent to the cloud using data exfiltration software.

How do businesses store data on the cloud?

Most device users have heard of “the cloud” and “cloud computing,” but many would struggle to define them. Simply put, the cloud is a set of internet-accessible data centers where software and services are kept and run, rather than on local hardware such as your computer or phone. Cloud computing uses the internet to outsource operations such as software hosting and information storage to those data centers.

In simple words what is cloud storage?

The process of storing data in an offsite storage system that is not found on your electronic device is referred to as cloud storage. This does not imply saving stuff to a desktop folder or moving items to a USB drive. A third company manages cloud storage systems, and you store your files in a remote database using the power of the internet. This enables you to back up and access your data from any internet-connected device.

How can it be dangerous?

Cloud storage is replicated across multiple servers, so if one server fails your data is still available from other locations. This greatly reduces the risk of data loss, but it does not make the cloud safe in every sense: the same convenience that lets you upload and share files from anywhere also makes cloud storage an attractive place for attackers to park data they have stolen from victims.

With the addition of a new purpose-built tool that stores stolen sensitive data in the cloud, one of today’s most notorious ransomware operations has become even more dangerous. Symantec’s Threat Hunter Team has published a new report on BlackByte, stating that at least one affiliate of the operation is using a tool named Exbyte to siphon off stolen data.

What is Exbyte?

Exbyte is the most recent piece of software created by cyber criminals to facilitate data theft from victims. Symantec’s Threat Hunter Team found that at least one affiliate of the BlackByte ransomware group has started using this bespoke data exfiltration tool during attacks. The tool is designed to collect data from the victim’s network and upload it to an external server as quickly as possible, before the ransomware itself is deployed.

So, how does it operate?

Exbyte is a custom data exfiltration tool that, when run, uploads all of the stolen files to a designated folder on the Mega cloud storage service. The folder is password-protected, and the password is hardcoded into the tool itself. Before uploading anything, however, the tool checks whether it is running inside a sandbox, which makes it harder for security researchers to analyze the sample in an automated environment. It also checks whether any antivirus products are running on the compromised endpoint.
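Because Exbyte’s destination is a well-known consumer cloud service, the most practical place to catch it is on the way out: outbound proxy or firewall logs showing bulk POST/PUT traffic to Mega’s domains from a single workstation. The following is an added example (it is not Symantec’s code and not part of the Exbyte tool itself) that parses a constructed, space-separated proxy log and flags any client that has pushed more than a threshold of bytes to Mega. The log format, the domain list, the 50 MiB threshold and the sample lines are all assumptions for illustration; adapt them to your proxy’s real schema.

```python
"""Detect bulk uploads to Mega cloud storage in outbound proxy logs.

Added example, not code from Symantec's report or from the BlackByte/Exbyte
tooling. Assumes a simple space-separated proxy log with the fields
    timestamp client_ip method host bytes_sent
(constructed below). Domains and the byte threshold are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Mega domains an exfiltration tool would contact (assumed list; extend as needed).
MEGA_DOMAINS = ("mega.nz", "mega.co.nz", "mega.io")

# Flag a client once it has sent at least this many bytes to Mega (assumed threshold).
UPLOAD_THRESHOLD_BYTES = 50 * 1024 * 1024  # 50 MiB


@dataclass
class ProxyEvent:
    ts: str
    client: str
    method: str
    host: str
    bytes_sent: int


def parse_line(line: str) -> Optional[ProxyEvent]:
    """Parse one log line; return None for malformed lines instead of raising."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, host, sent = parts
    try:
        bytes_sent = int(sent)
    except ValueError:
        return None
    return ProxyEvent(ts, client, method.upper(), host.lower(), bytes_sent)


def is_mega_host(host: str) -> bool:
    """True for a Mega domain or any of its subdomains (e.g. the userstorage hosts)."""
    return any(host == d or host.endswith("." + d) for d in MEGA_DOMAINS)


def find_bulk_mega_uploads(lines: Iterable[str],
                           threshold: int = UPLOAD_THRESHOLD_BYTES) -> Dict[str, int]:
    """Sum upload bytes (POST/PUT) to Mega per client and return those over threshold."""
    totals: Dict[str, int] = defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip unparseable lines rather than abort the whole scan
        if ev.method not in ("POST", "PUT"):
            continue  # downloads and API polling are not exfiltration volume
        if not is_mega_host(ev.host):
            continue
        totals[ev.client] += ev.bytes_sent
    return {client: sent for client, sent in totals.items() if sent >= threshold}


# Constructed sample log lines (not real traffic). 10.0.5.23 uploads 40 MiB + 30 MiB
# to Mega's storage hosts; the other clients are benign or go elsewhere.
SAMPLE_LOG = [
    "2022-11-01T02:13:07Z 10.0.5.23 POST gfs270n123.userstorage.mega.co.nz 41943040",
    "2022-11-01T02:14:11Z 10.0.5.23 POST gfs270n123.userstorage.mega.co.nz 31457280",
    "2022-11-01T02:15:00Z 10.0.5.23 GET g.api.mega.co.nz 512",
    "2022-11-01T02:20:45Z 10.0.7.9 POST mega.nz 1048576",
    "2022-11-01T02:22:10Z 10.0.7.9 POST drive.google.com 104857600",
    "this line is malformed and must be skipped",
    "2022-11-01T02:30:00Z 10.0.9.1 PUT notmega.nz 104857600",
]


if __name__ == "__main__":
    for client, sent in find_bulk_mega_uploads(SAMPLE_LOG).items():
        print(f"ALERT: {client} uploaded {sent / 1048576:.1f} MiB to Mega")
```

The suffix match in `is_mega_host` matters: Mega serves uploads from per-file storage hostnames under `userstorage.mega.co.nz`, so a rule that only matches the bare domain misses the bulk of the traffic, while a naive substring match would also catch unrelated hosts such as `notmega.nz`. Aggregating by client rather than by request keeps the rule robust against a tool that chunks files into many small uploads.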

What is BlackByte?

Since July 2021, the BlackByte ransomware group has been linked to several intrusions in the United States, Europe, and Australia. Critical infrastructure providers, manufacturers, financial firms and, most recently, an American football team have all been targeted. BlackByte is thought to be based in Russia, because the ransomware is designed to avoid systems where Russian or another Commonwealth of Independent States language is the default system language.

Why is BlackByte rising now?

This is a clear indication of BlackByte’s rise to prominence in the ransomware ecosystem, particularly following the demise of Conti and REvil. According to Symantec’s analysis, after the exit of several prominent ransomware operations such as Conti and Sodinokibi (also known as REvil), BlackByte has emerged as one of the operators profiting from the resulting gap in the market.

Cybercriminals are now developing purpose-built tools for use in BlackByte attacks, which suggests the operation may be on its way to becoming one of the leading ransomware threats.

What are other exfiltration tools available?

Exbyte is far from the only purpose-built data exfiltration tool in use. Symantec researchers discovered a similar tool called Exmatter in November of the previous year (2021). It was used mostly by the BlackMatter ransomware group and was later adopted by Noberus. Ryuk uses the Ryuk Stealer, while LockBit uses StealBit.