BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave


The BlackByte ransomware group has been exploiting CVE-2024-37085, a recently patched authentication bypass in VMware ESXi hypervisors that lets an attacker with sufficient Active Directory privileges gain full administrative access to a domain-joined ESXi host. In the same intrusions the group abuses vulnerable drivers to disable endpoint security protections. BlackByte, previously known for exploiting the ProxyShell vulnerabilities and for double-extortion tactics, continues to evolve its tradecraft: it uses a custom tool named ExByte for data exfiltration and most likely gains initial access by brute-forcing VPN credentials. Although a free decryptor was released in 2021, the group remains active, running a ransomware-as-a-service operation that targets critical infrastructure sectors.
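The blurb names the ESXi flaw but not what abusing it looks like in telemetry. CVE-2024-37085 hinges on an Active Directory group named "ESX Admins" (matched case-insensitively), whose members a domain-joined ESXi host treats as full administrators, so the creation of, renaming to, or membership changes on such a group are the domain-controller events worth alerting on. The detection below is an added example written for this page; it is not code from the article, from BlackByte, or from VMware/Broadcom. The event-record layout (plain dicts carrying `EventID`, `SubjectUserName`, `TargetUserName`, `MemberName`) is an assumed simplification of the Windows Security log fields, the sample events are constructed, and the ESXi advanced-setting names in `esxi_host_hardened` are taken from the vendor's published mitigation guidance and should be verified against your own build.

```python
"""
Hunt for the Active Directory group activity behind CVE-2024-37085 abuse.

Added example, not from the article or any vendor. Assumptions:
  * Events are dicts with the Windows Security log fields EventID,
    SubjectUserName (who did it), TargetUserName (the group) and, for
    membership changes, MemberName.  Real collectors (winlogbeat, Sysmon
    forwarders, a SIEM) expose the same fields under similar names.
  * The ESXi setting names in esxi_host_hardened() follow the vendor's
    published mitigation; confirm them on your ESXi build.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Windows Security event IDs for domain (global / universal) security groups.
GROUP_CREATED = {4727, 4754}   # security-enabled global / universal group created
GROUP_CHANGED = {4737, 4755}   # group changed (covers renaming to "ESX Admins")
MEMBER_ADDED = {4728, 4756}    # member added to global / universal group

# ESXi matches the group name case-insensitively, so the hunt must too.
WATCHED_GROUP = "esx admins"


@dataclass
class Finding:
    event_id: int
    actor: str
    group: str
    member: Optional[str]
    reason: str


def _is_watched(name: Optional[str]) -> bool:
    return name is not None and name.strip().lower() == WATCHED_GROUP


def hunt_esx_admins(events: Iterable[dict]) -> List[Finding]:
    """Return one Finding per event that creates, renames to, or adds a member
    to a group named "ESX Admins" (any letter case)."""
    findings: List[Finding] = []
    for ev in events:
        eid = ev.get("EventID")
        group = ev.get("TargetUserName")
        actor = ev.get("SubjectUserName", "")
        if not _is_watched(group):
            continue
        if eid in GROUP_CREATED:
            findings.append(Finding(eid, actor, group, None, "ESX Admins group created"))
        elif eid in GROUP_CHANGED:
            findings.append(Finding(eid, actor, group, None, "group changed/renamed to ESX Admins"))
        elif eid in MEMBER_ADDED:
            findings.append(Finding(eid, actor, group, ev.get("MemberName"),
                                    "member added to ESX Admins"))
    return findings


def esxi_host_hardened(advanced_settings: dict) -> bool:
    """Check the two ESXi advanced settings the vendor mitigation changes:
    auto-adding the AD group must be off and the group name must not be the
    default "ESX Admins".  Missing keys are treated as the vulnerable default."""
    auto_add = advanced_settings.get(
        "Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd", True)
    group = advanced_settings.get(
        "Config.HostAgent.plugins.hostsvc.esxAdminsGroup", "ESX Admins")
    return auto_add is False and not _is_watched(group)


# Constructed sample telemetry (not real logs): one group creation, one
# membership add, an unrelated Domain Admins change, a case-variant rename
# and a logon event that must be ignored.
SAMPLE_EVENTS = [
    {"EventID": 4727, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins"},
    {"EventID": 4728, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins",
     "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=local"},
    {"EventID": 4728, "SubjectUserName": "admin1", "TargetUserName": "Domain Admins",
     "MemberName": "CN=alice,OU=Users,DC=corp,DC=local"},
    {"EventID": 4737, "SubjectUserName": "jdoe", "TargetUserName": "esx admins"},
    {"EventID": 4624, "SubjectUserName": "bob", "TargetUserName": "bob"},
]

if __name__ == "__main__":
    for f in hunt_esx_admins(SAMPLE_EVENTS):
        print(f"[{f.event_id}] {f.reason}: actor={f.actor} group={f.group!r} member={f.member}")
    print("ESXi hardened (defaults):", esxi_host_hardened({}))
    print("ESXi hardened (mitigated):", esxi_host_hardened({
        "Config.HostAgent.plugins.hostsvc.esxAdminsGroupAutoAdd": False,
        "Config.HostAgent.plugins.hostsvc.esxAdminsGroup": "VMware-Hypervisor-Admins",
    }))
```

The group-name comparison is deliberately case-insensitive and whitespace-trimmed because the hypervisor's own match is; a detection that only looks for the exact string "ESX Admins" would miss a renamed or mixed-case group that still grants root on the host.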


