back to article Could you not? BlackByte ransomware slinger twists the knife with data stealer

At least one affiliate of the high-profile ransomware-as-a-service (RaaS) group BlackByte is using a custom tool to exfiltrate files from a victim's network, a key step in the fast-growing business of double-extortion. The exfiltration tool, dubbed Exbyte, is written in Go for Windows computers, and is designed to upload files …

  1. Pascal Monett Silver badge

    "The tool then grabs document files on the compromised system"

    Okay, I just have a question : this tool grabs documents in the default Windows Documents folder of the user, right ?

    So, if I were to actually store my documents elsewhere, what would it actually get ?

    1. Jimmy2Cows Silver badge

      Re: "The tool then grabs document files on the compromised system"

      I think that's way too simplistic and easy to work around. This pure conjecture, but it's far more likely that it scans the computer and all attached drives for documents. That's how I'd write it. If I wrote it. Which I didn't.

  2. Plest Silver badge

    Makes you proud!

    Makes me proud to know my current fav lang, Go, is being used so well by the scum of internet to screw unsuspecting victims over. The only reason I can come up with is that the rich eco-system of libraries around Go is so good. The bins it produces are minimum 10Mb a pop so it can't be the size, Rust or C++ would make a better lang surely, much tighter bins that would hardly be noticed, I guess Go is quick to learn.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like