BlackByte attacks The Texwipe

Incident Date: Jun 15, 2023

Attack Overview

VICTIM

The Texwipe

INDUSTRY

Manufacturing

LOCATION

USA

ATTACKER

Blackbyte

FIRST REPORTED

June 15, 2023

Request Removal

The BlackByte Ransomware Gang's Attack on The Texwipe

The BlackByte ransomware gang has attacked The Texwipe. The Texwipe is a contamination control and critical cleaning products supplier headquartered in Kernersville, North Carolina, USA. BlackByte posted The Texwipe to its data leak site on June 15th, claiming to have stolen company documents and data.

BlackByte's Global Targets Since July 2021

Starting in July 2021, BlackByte, a ransomware operation, began targeting corporate victims across the globe. Victims first discovered the group when they needed assistance decrypting their files. BlackByte, a Russian-based ransomware group, operates on a ransomware-as-a-service (RaaS) model and uses double-extortion tactics to compel victims to pay.

FBI and USS Advisory on BlackByte

Within their initial year, the Federal Bureau of Investigation (FBI) and the US Secret Service (USS) took notice of BlackByte's activities and issued a joint advisory warning about the group.

Evolution of BlackByte's Ransomware Tactics

BlackByte initially operated with limited activity. Early reports indicated that BlackByte's level of activity was not as high as other ransomware operations, but it attracted the attention of researchers. Their ransomware capabilities did not pose the most significant threat. In the previous version of BlackByte, the same key was utilized for file encryption in every campaign. The group employed AES, a symmetric key algorithm, enabling researchers to develop a decrypter to assist victims affected by BlackByte. Consequently, the group modified their encryption approach in newer versions.

Transition to GoLang

Around February 2022, they transitioned from C# to GoLang. This trend aligns with ransomware groups opting for programming languages like GoLang and Rust, which have limited familiarity. This choice makes static analysis more challenging compared to commonly used programming languages like C#. Security products have long relied on signatures from well-known languages, making the analysis of different language signatures considerably more difficult.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.