Royal ransomware crew puts on a BlackSuit in rebrand
The cybercriminal ransomware gang formerly known as Royal has rebranded itself as BlackSuit and is actively targeting organizations across many sectors with large extortion demands, according to a warning from the United States’ Cybersecurity and Infrastructure Security Agency (CISA) published as part of its ongoing #StopRansomware campaign.
Believed to have roots in the now-defunct Conti operation and potential connections to other groups like Black Basta and Hive, Royal operated for around nine months between the fall of 2022 and the summer of 2023, carrying out a series of destructive attacks during that time.
BlackSuit, which emerged a year later, has been closely monitored by both CISA and the FBI. Analysis of known attacks shows that its ransomware locker shares significant code similarities with Royal’s and has “enhanced capabilities.”
CISA noted that “BlackSuit employs a unique partial encryption method that enables the threat actor to select a specific percentage of data within a file to encrypt.” This lets the gang lower the encryption percentage for larger files, which both helps the locker evade detection that looks for fully encrypted files and significantly speeds up the encryption run.
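To make the detection point concrete, the following added example (not code from the advisory or the article, and not the BlackSuit locker) simulates partial encryption of a constructed document and runs two simple detectors over the result: one that computes Shannon entropy over the whole file, and one that computes it per fixed-size chunk. The keystream is a SHA-256 counter stream standing in for a real cipher, and the 10 % / 50 % figures and 4 KiB chunk size are assumptions chosen for the demonstration, not documented BlackSuit parameters.

```python
"""Why partial encryption defeats whole-file entropy checks but not chunked ones.

Added example; the cipher is a deterministic SHA-256 keystream XOR used only
to produce ciphertext-like bytes. Percentages and chunk size are assumptions.
"""
import hashlib
import math
from collections import Counter

CHUNK = 4096          # assumed scan granularity for the chunked detector
THRESHOLD = 7.5       # bits/byte; random-looking data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic SHA-256 counter-mode stream (stand-in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def partially_encrypt(plaintext: bytes, percent: float, key: bytes = b"demo-key") -> bytes:
    """Encrypt only the leading `percent` of the file; the rest stays in the clear.

    A real locker may choose a pattern of segments rather than a prefix; the
    prefix is the simplest instance and is enough to show the detection effect.
    """
    n_enc = int(len(plaintext) * percent / 100)
    ks = keystream(key, n_enc)
    head = bytes(p ^ k for p, k in zip(plaintext[:n_enc], ks))
    return head + plaintext[n_enc:]


def whole_file_flag(data: bytes, threshold: float = THRESHOLD) -> bool:
    """Naive detector: is the whole file high-entropy?"""
    return shannon_entropy(data) >= threshold


def chunked_flag(data: bytes, threshold: float = THRESHOLD, chunk: int = CHUNK) -> bool:
    """Chunked detector: does ANY full chunk look like ciphertext?"""
    return any(
        shannon_entropy(data[i:i + chunk]) >= threshold
        for i in range(0, len(data) - chunk + 1, chunk)
    )


def demo(percent: float) -> dict:
    """Run both detectors on a constructed ~1 MiB text document."""
    # Constructed sample input: repetitive English text, entropy ~4 bits/byte.
    doc = b"Quarterly report: revenue up, costs flat, headcount unchanged.\n" * 16384
    sample = partially_encrypt(doc, percent)
    return {
        "percent": percent,
        "whole_entropy": round(shannon_entropy(sample), 2),
        "whole_flag": whole_file_flag(sample),
        "chunked_flag": chunked_flag(sample),
    }


if __name__ == "__main__":
    for pct in (0, 10, 50, 100):
        r = demo(pct)
        print(f"{pct:3d}% encrypted: whole-file entropy {r['whole_entropy']:.2f} "
              f"-> whole-file flag {r['whole_flag']}, chunked flag {r['chunked_flag']}")
```

With only 10 % of the file encrypted, the whole-file entropy stays in the range of ordinary text and the naive check misses it, while the first 4 KiB chunk scores close to 8 bits per byte and is flagged; even at 50 % the whole-file figure remains below the threshold. The caveat is that a chunked scan only works if the chunk is no larger than the encrypted segments, so a locker that encrypts small interleaved segments would require a correspondingly smaller window (or a sliding one).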
Like other cybercriminal groups, BlackSuit most often gains initial access through phishing emails. It is also known to compromise exposed Remote Desktop Protocol (RDP) services, exploit vulnerabilities in public-facing web applications, and buy access from initial access brokers (IABs).
Once inside a victim’s network, BlackSuit operatives disable antivirus software, exfiltrate data, and then deploy the locker and begin extortion. If the ransom is not paid, the exfiltrated data is published on the gang’s dark web leak site.
According to CISA, the gang has demanded over $500 million in total, with ransom amounts typically ranging from $1 million to $10 million, although there have been demands as high as $60 million.
Unlike many other ransomware groups, BlackSuit does not state a ransom amount in the note it leaves after encryption. Instead, victims are directed to engage directly with the gang’s negotiators through a Tor .onion URL in that note. The gang has also been known to use phone calls and emails to apply pressure on victims.
Martin Kraemer, security awareness advocate at KnowBe4, commented: “The BlackSuit ransomware group is notorious for using aggressive tactics to extort money. They are willing to threaten businesses with exposing corporate misconduct, intimidate employees’ relatives, or blackmail individuals by revealing illegal activities.”
He added, “Organizations must be prepared. Crisis management and incident response teams should work closely with PR departments to manage the level of transparency and mitigate damage to employee and consumer trust. With the rise of targeted disinformation, PR departments must be ready to address and control narratives that could harm the company significantly.”
For more information on BlackSuit, including updated indicators of compromise (IoCs), visit the CISA website.