BlackByte

BlackByte is a RaaS that uses double extortion as part of its attacks. The threat actors behind this ransomware take a victim-snitching approach, as they operate a Tor .onion auction site where they sell victims' stolen data. The operators even mention the auction site in the ransom note to scare victims. It makes the files inaccessible by encrypting them and generates a ransom note (the "BlackByte_restoremyfiles.hta" file) that contains instructions on how to contact the attackers for data decryption and other details. In addition, BlackByte adds the extension ".blackbyte" to the names of encrypted files. For example, it renames a file named "1.jpg" to "1.jpg.blackbyte", "2.jpg" to "2.jpg.blackbyte" and so on.