Asahi Group Holdings, Ltd. is a precision metal manufacturing and metal solution provider, for more than 40 years, the company has been delivering end-to-end services in the industries of precision metals and thin-film coatings with different teams of experts.
The BlackByte ransomware group claims to have stolen gigabytes of documents from Asahi Group Holdings, including financial and sales reports.
The ransomware gang is demanding 500k$ to buy data and 600k$ to delete the stolen data.
The BlackByte ransomware operation has been active since September 2021, in October 2021 researchers from Trustwave’s SpiderLabs released a decryptor that can allow victims of early versions of BlackByte ransomware to restore their files for free.
In February, the US Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors.
In 2021, a flaw in the operation was found that allowed a free BlackByte decryptor to be created. Unfortunately, after the weakness was reported, the threat actors fixed the flaw.
In August 2022, a new version of the BlackByte ransomware appeared in the threat landscape, the version 2.0 uses extortion techniques similar to LockBit ones. The gang allows victims to pay $5,000 to postpone the leaking of their data by 24 hours, download the data for $200,000, or destroy all the data by paying a $300,000 ransom. The prices are not fixed and could vary depending on the importance of the victim.
Early October, researchers from Sophos warned that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass security products.
(SecurityAffairs – hacking, Asahi Group Holdings)