Security News BlackSuit Claims Dozens of Victims With Carefully Curated Ransomware

vtqhtr413

Level 27
Thread author
Well-known
Aug 17, 2017
1,609
The BlackSuit ransomware gang has leaked stolen data from attacks against 53 organizations spanning one year.

Researchers from ReliaQuest analyzed in-depth an attack that took place in April from the ransomware group, which has been active since May 2023. The group — believed to be spun off from the Royal ransomware gang — primarily targets US-based companies in critical sectors such as education and industrial goods, choosing targets carefully to maximize financial gain, according to a blog post published yesterday.

"This targeting pattern strongly suggests a financial motivation with a focus on critical sectors that either have smaller cybersecurity budgets or a low tolerance for downtime, thereby increasing the likelihood of a successful attack or a speedy ransom payment," according to the Reliaquest Threat Research Team post.

BlackSuit uses a double-extortion method and other tactics, techniques, and procedures (TTPs) that reflect a maturity atypical of a group that's only been around for a year. This reflects its origin in Royal, which in turn was comprised of members of the formidable and now-defunct Conti ransomware gang.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top