CISA and the FBI have issued alerts for a new version of the BlackByte ransomware, which is actively circulating in the wild.

FBI and USSS Release Advisory on BlackByte Ransomware | CISA

The BlackByte executable leaves a ransom note in all directories where encryption occurs. The ransom note includes the .onion site that contains instructions for paying the ransom and receiving a decryption key. Some victims reported the actors used a known Microsoft Exchange Server vulnerability as a means of gaining access to their networks. Once in, actors deploy tools to move laterally across the network and escalate privileges before exfiltrating and encrypting files. In some instances, BlackByte ransomware actors have only partially encrypted files. In cases where decryption is not possible, some data recovery can occur. The newer version encrypts without communicating with any external IP addresses.