blackbyte attacks Argonaut Gold

Incident Date:

February 5, 2022

World map



blackbyte attacks Argonaut Gold


Argonaut Gold




Puerta Grande, Mexico

Hermosillo, Mexico

First Reported

February 5, 2022

Argonaut Gold Suffers Ransomware Attack by Blackbyte

Argonaut Gold, a company operating in the Minerals & Mining sector, has been targeted by the ransomware group Blackbyte. The attack was announced on the group's dark web leak site, and the victim's website is Argonaut Gold is a mid-tier gold producer with a portfolio of producing mines and development projects in Canada and the United States.

The company's website does not provide detailed information about its size or specific vulnerabilities that may have contributed to the attack. However, it is known that Blackbyte is a ransomware group that uses a dropper written in JavaScript to deploy a .NET payload. The group has been active since at least November 18, 2021, and supports execution on various operating systems, including Windows, Linux, and VMWare ESXi.

Blackbyte is known for deploying ransomware as a service (RaaS), and its ransomware, ALPHV, is written in the Rust programming language and supports execution on multiple platforms. ALPHV can encrypt files using either the AES or ChaCha20 algorithms and can delete volume shadow copies, stop processes and services, and stop virtual machines on ESXi servers.

Argonaut Gold's website does not provide information about its cybersecurity measures or any recent data breaches. However, it is known that data breaches can occur due to intentional hacking, criminal cyber-attacks, or human error, and they can lead to personal data breaches and put the personal information of individuals at risk.

The attack on Argonaut Gold is part of a larger trend of ransomware attacks on organizations worldwide, causing personal data breaches in many cases. Law enforcement and IT security companies have joined forces to disrupt cybercriminal businesses with ransomware connections.

Argonaut Gold has not issued a public statement about the attack or its response to it. The company's website does not provide a contact page or any other means for users to report issues or request assistance.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.