The BlackByte ransomware group claims to have compromised the Japanese beer and beverage company Asahi.

Asahi Group Holdings, Ltd. is a global Japanese beer, spirits, soft drinks, and food business group.

The Japanese beverage giant owns many popular brands, including Grolsch, such as Meantime, Peroni, and SABMiller.

The BlackByte ransomware group claims to have stolen gigabytes of documents from Asahi, including financial and sales reports.

The ransomware gang is demanding 500k$ to buy data and 600k$ to delete the stolen data.


The BlackByte ransomware operation has been active since September 2021, in October 2021 researchers from Trustwave’s SpiderLabs released a decryptor that can allow victims of early versions of BlackByte ransomware to restore their files for free.

In February, the US Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors.

In 2021, a flaw in the operation was found that allowed a free BlackByte decryptor to be created. Unfortunately, after the weakness was reported, the threat actors fixed the flaw.

In August 2022, a new version of the BlackByte ransomware appeared in the threat landscape, the version 2.0 uses extortion techniques similar to LockBit ones. The gang allows victims to pay $5,000 to postpone the leaking of their data by 24 hours, download the data for $200,000, or destroy all the data by paying a $300,000 ransom. The prices are not fixed and could vary depending on the importance of the victim.

Early October, researchers from Sophos warned that BlackByte ransomware operators are using a bring your own vulnerable driver (BYOVD) attack to bypass security products.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Asahi)


Source link