Ransomware group BlackByte claims to have compromised Asahi Group Holdings, a precision metal fabrication and metal solutions provider.
Asahi Group Holdings, Ltd. is a precision metal fabrication and metal solutions provider. For more than 40 years, the company has provided end-to-end services in the precision metals and thin film coatings industries with different teams of experts.
Ransomware group BlackByte claims to have stolen gigabytes of documents from Asahi Group Holdings, including financial and sales reports.
The ransomware gang is asking for $500,000 to buy the data and $600,000 to delete the stolen data.
The BlackByte ransomware operation has been active since September 2021. In October 2021, researchers from Trustwave’s SpiderLabs released a decryptor that may allow victims of early versions of BlackByte ransomware to restore their files for free.
In February, the United States Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware gang had breached at least three organizations in critical infrastructure sectors in the United States.
In 2021, a flaw in the operation was found that allowed a free BlackByte decryptor to be created. Unfortunately, after the weakness was reported, the threat actors patched the flaw.
In August 2022, a new version of BlackByte ransomware appeared in the threat landscape. Version 2.0 uses extortion techniques similar to LockBit's. The gang allows victims to pay $5,000 to delay their data leak for 24 hours, download the data for $200,000, or destroy all data by paying a ransom of $300,000. The prices are not fixed and may vary according to the importance of the victim.
In early October, researchers at Sophos warned that BlackByte ransomware operators were using a BYOVD (bring your own vulnerable driver) attack to circumvent security products.
(SecurityAffairs – hacking, Asahi Group Holdings)