2021-12-01

BlackByte Ransomware from RedCanary

Level: 
Tactical
  |  Source: 
RedCanary
Share:

BlackByte Ransomware from RedCanary

Industry: N/A | Level: Tactical | Source: RedCanary

RedCanary presented research from a BlackByte ransomware incident response engagement with Kroll. The attack sequence covered initial access from ProxyShell and web shell through post-exploitation with cobalt strike, impairing defenses with process monitoring, windows defender, and firewall modifications to ransomware and file exfiltration.

  • Anvilogic Scenario: BlackByte Behaviors

Get trending threats published weekly by the Anvilogic team.

Sign Up Now