In April 2022, a significant cyber attack was launched by a group that caused severe disruptions to 27 Costa Rican government organizations. This attack impacted the country’s customs and taxes platforms, leading to issues with foreign trade and payroll payments. The aftermath of this attack prompted the US State Department to offer a $10 million reward for information regarding the leaders of the group responsible, known as Conti. Additionally, a $5 million reward was put up for any information that could lead to the arrest of any co-conspirator affiliated with Conti, regardless of their location.
The repercussions of this attack were swift, with Conti affiliates quickly abandoning ship and seeking refuge with other Ransomware-as-a-Service (RaaS) operations, such as BlackByte, Black Basta, and KaraKurt. These three new groups emerged with striking similarities to Conti in terms of their code, tools, and tactics. BlackByte, in particular, has drawn attention as it seems to be operated by former Conti members who are likely aiming to keep a low profile in light of the increasing scrutiny on cybercriminal activities.
Despite maintaining similar tactics, techniques, and procedures (TTPs) inherited from Conti, BlackByte has also demonstrated an evolution in its attack methods. Recent incidents have shown the group deploying a self-propagating wormable ransomware encryptor that is customized for each target using stolen SMB and NTLM credentials acquired from within the compromised network.
The emergence of groups like BlackByte, Black Basta, and KaraKurt underscores the ever-evolving landscape of cyber threats and the adaptability of cybercriminals. As law enforcement agencies and cybersecurity experts intensify their efforts to combat such threats, it is clear that the tactics used by malicious actors are constantly evolving in response to these measures. The collaboration between different entities in the cybersecurity space becomes increasingly crucial in addressing these challenges and mitigating the risks posed by ransomware and other forms of cyber attacks.
Moving forward, the ongoing developments in the realm of ransomware and cyber threats necessitate a proactive and collaborative approach from governments, organizations, and individuals alike. By staying informed about the latest trends and adopting robust cybersecurity measures, stakeholders can better protect themselves against the growing threat posed by ransomware and other malicious activities conducted by cybercriminals.