BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

The BlackByte ransomware group has been exploiting a recently patched authentication bypass vulnerability (CVE-2024-37085) in VMware ESXi hypervisors, leveraging vulnerable drivers to bypass security protections. Known for its history of exploiting ProxyShell vulnerabilities and employing double extortion tactics, BlackByte continues to evolve its methods, using a custom tool named ExByte for data exfiltration and likely gaining initial access through brute-force attacks on VPNs. Despite the release of a decryptor in 2021, the group remains active, targeting critical infrastructure sectors with its ransomware-as-a-service operations.

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

28-August-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address