BlackByte Ransomware Decryptor Key Returns Data, Foils Ransom Payments

Published: January 14, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



The news is that ransomware continues to be a growing threat against industry, critical infrastructure, and individuals alike. Holding data hostage for a ransom can cripple even the biggest of victims and bring their goods and services to a grinding halt until the ransom demand is paid. Decryptor keys for some ransomware types, now including BlackByte, are available at no cost to victims.


Some of BlackByte’s characteristics show it avoids infecting Russian and ex-USSR language targets and specific geo-locations, and prepares a system for uninterrupted attack. Researchers also find BlackByte has no exfiltration abilities to steal the data, so ransom notes claiming a victim’s data is stolen are only meant to scare them into paying up. Decryption keys for REvil, LooCipher, GandCrab, and others give victims a “get out of jail free” card. These decryptors not only return encrypted data to the rightful owners, but they also leave attackers with a total of $0 ransom paid.



Statista finds the number of ransomware attacks against industry worldwide in 2021 is 68.5%, compared to 55.1% in 2018. They also find the top delivery method leading to these attacks is overwhelmingly phishing and spam emails at 54%. Coming in second at 27% are users with poor security practices who fall for phishing email and spam, creating an opening for ransomware attacks. The financial cost of recovery from ransomware in the U.S., according to Sophos, is up to $1.85 million so far.


Decryptor Keys To The Rescue?


Thanks to cybersecurity firms, software creators and others, decryption keys may one day hold the answer to many ransomware attacks. For example, the “No More Ransom” website is dedicated to finding and posting decryption keys for the growing list of ransomware infections, with new decryption keys added when available. However, threat actors aren’t likely to abandon these attacks since ransoms generate enormous income for them. For victims, counting on the key being there when you need it will be a costly shock if it doesn’t exist. Instead, following cyber-smart advice from security pros can help prevent ransomware and other malware attacks, and is strongly recommended.


Keeping Ransomware Out And Your Data In

  • Create ongoing backups for system data so it can be replaced and free from ransom demands. Make sure the backups are separate from the operations/production system and run regular checks so they function when needed.

  • Make sure all levels of employees are trained to spot email phishing since they are usually the last line of defense against malware infections including ransomware. Ongoing training is best as it alerts staff to new phishing and other malware attack trends.

  • As the FBI and other U.S. security agencies warn, never pay a ransom because doing so only encourages more attacks. Keeping all system software current and patched keeps system vulnerabilities to a minimum, leaving less room for attackers to succeed.

