Finally, in April 2022, the group launched a massive attack that crippled 27 Costa Rican government agencies, causing disruptions to the country’s social networks and taxes and affecting foreign trade and payments. In response, the US State Department offered a $10 million reward for information about the identity or whereabouts of Conti’s leaders, and $5 million for information leading to the arrest of any Conti conspirator in any country. This probably sealed the fate of the group and made association with it highly undesirable for any hacker.
As Conti affiliates jumped ship and joined other RaaS operations, BlackByte, Black Basta, and KaraKurt quickly emerged as three new groups adopting code, tools, and tactics very similar to those previously associated with Conti. If BlackByte is indeed run by former members of Conti, it would not be surprising that they do not want to draw too much attention to themselves.
Although BlackByte has maintained the same tactics, techniques and procedures (TTPs) since its inception, recent attacks have revealed new tactics and the evolution of existing ones. For example, the group is known to deploy a self-propagating, wormable ransomware encryptor that is tailored to each victim with hard-coded SMB and NTLM credentials stolen from within the target network.