December 01, 2021

BlackByte Ransomware from Red Canary

Industry: N/A | Level: Tactical | Source: Red Canary

Red Canary presented research from a BlackByte ransomware incident response engagement with Kroll. The attack sequence ran from initial access via ProxyShell and a web shell, through post-exploitation with Cobalt Strike and impairing defenses through process monitoring, Windows Defender, and firewall modifications, to ransomware and file exfiltration.

  • Anvilogic Scenario: BlackByte Behaviors