CISA Advisory - BlackByte Ransomware

Cybersecurity & Infrastructure Security Agency (CISA) provides an advisory for BlackByte Ransomware as a Service (RaaS) group. The group's activities, since November 2021, have been disruptive and highly impacting as "BlackByte ransomware has compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture)." Various techniques are used by the group including webshells, scheduled tasks, modifying registry keys, manipulating services including Windows Defender, shadow copies and services.