back to article Hot glare of the spotlight doesn’t slow BlackByte ransomware gang

The US government's alert three months ago warning businesses and government agencies about the threat of BlackByte has apparently done little to slow down the ransomware group's activities. Since March, the group, and other gangs using its malware, have continued to attack targets around the world, redesigning their website …

  1. Pascal Monett Silver badge

    "living-off-the-land binaries"

    Now that's new to me. What on Earth is that ? Notepad ?

    1. Clausewitz4.0
      Devil

      Re: "living-off-the-land binaries"

      Bitsadmin.exe, rundll32.exe, werfault.exe and others can be invoked to load/side load your red team components without being detected or flagged as malicious by an AV.

      Quite effective.

  2. Anonymous Coward
    Anonymous Coward

    Additional admins

    "and make themselves persistent in the network by adding additional admin accounts"

    It's a trivial matter to create a small script that will return the number of members in a domain admins group. If the number changes without prior knowledge or agreement, send an alert to someone who needs to know.

    It's not a protection or a defence but anything that shortens the time between intruders gaining access and that intrusion being discovered has to be a good thing.

    1. EnviableOne Silver badge

      Re: Additional admins

      protected groups are also a good thing, and prevent access to the necessary admin permissions...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022