blackbyte attacks VM Tooling

Incident Date:

February 8, 2022

World map



blackbyte attacks VM Tooling


VM Tooling




Onalaska, USA

Wisconsin, USA

First Reported

February 8, 2022

Venture Machine & Tool, Inc. Targeted by Blackbyte Ransomware Group

Company Overview

Venture Machine & Tool, Inc., a custom metal machining and fabricating company based in western Wisconsin, has been targeted by the Blackbyte ransomware group. The company, which provides services such as laser cutting, production metal stamping, and full-service tool and die shop, has been hit by the ransomware attack, as indicated by a leak on the Blackbyte group's dark web site.

Industry Standout

The company's standout feature is its ability to handle a wide range of projects, from large complex tooling projects to cosmetic automotive and appliance parts. They also offer a full-service tool and die shop with in-house tooling engineers, providing a comprehensive solution for manufacturers throughout the United States.


The specific vulnerabilities that led to the successful attack by the Blackbyte ransomware group are not detailed in the available information. However, it is mentioned that the attackers used a serial console in Microsoft Azure to gain access to the victim's environment. This suggests that the company may have had insufficient security measures in place to prevent such an attack, or that the attackers exploited a previously unknown vulnerability.

The Blackbyte ransomware group's attack on Venture Machine & Tool, Inc. highlights the need for companies to maintain robust cybersecurity measures to protect against such threats. The attackers' use of a serial console in Microsoft Azure demonstrates the evolving tactics used by ransomware groups, which now target cloud environments and bypass traditional security tooling.


  • Microsoft Azure VMs Hijacked in Cloud Cyberattack - Dark Reading
  • Weaponising VMs to bypass EDR - Akira ransomware - CyberCX - CyberCX
  • New Ransomware Tactic: Adversaries Target ESXi Servers | CrowdStrike - CrowdStrike

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.