The BlackSuit ransomware gang has leaked stolen data from attacks against 53 organizations spanning one year.
Researchers from ReliaQuest analyzed in-depth an attack that took place in April from the ransomware group, which has been active since May 2023. The group — believed to be spun off from the Royal ransomware gang — primarily targets US-based companies in critical sectors such as education and industrial goods,
choosing targets carefully to maximize financial gain, according to a blog post published yesterday.
"This targeting pattern strongly suggests a financial motivation with a focus on critical sectors that either have smaller cybersecurity budgets or a low tolerance for downtime, thereby increasing the likelihood of a successful attack or a speedy ransom payment," according to the Reliaquest Threat Research Team post.
BlackSuit uses a double-extortion method and other tactics, techniques, and procedures (TTPs) that reflect a maturity atypical of a group that's only been around for a year. This reflects its origin in Royal, which in turn was comprised of members of the formidable and now-defunct Conti ransomware gang.
