BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave

28-August-24

The BlackByte ransomware group has been exploiting a recently patched authentication bypass vulnerability (CVE-2024-37085) in VMware ESXi hypervisors, leveraging vulnerable drivers to bypass security protections. Known for its history of exploiting ProxyShell vulnerabilities and employing double extortion tactics, BlackByte continues to evolve its methods, using a custom tool named ExByte for data exfiltration and likely gaining initial access through brute-force attacks on VPNs. Despite the release of a decryptor in 2021, the group remains active, targeting critical infrastructure sectors with its ransomware-as-a-service operations.