BlackByte Ransomware from Red Canary
Industry: N/A | Level: Tactical | Source: Red Canary
Red Canary presented research from a BlackByte ransomware incident response engagement with Kroll. The attack sequence ran from initial access via ProxyShell and a web shell, through post-exploitation with Cobalt Strike and impairing defenses with process monitoring, Windows Defender, and firewall modifications, to ransomware and file exfiltration.
- Anvilogic Scenario: BlackByte Behaviors