BlackSuit ransomware is rapidly spreading across various critical infrastructure sectors, with the attackers demanding up to $60 million from their victims.
According to the notice by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), attacks involving BlackSuit ransomware have targeted several critical infrastructure sectors spanning commercial facilities, healthcare and public health, government facilities, and critical manufacturing.
Phishing emails are one of the most effective methods that the BlackSuit gang uses to gain initial access. Once inside the victims' networks, the attackers disable antivirus software, exfiltrate large amounts of data, and then deploy ransomware to encrypt the systems.
CISA and the FBI have warned of a rise in cases where victims receive phone calls or emails from BlackSuit actors regarding the compromise and a ransom demand. This tactic is increasingly being adopted by ransomware gangs to intensify the pressure on their victims.
Threat actors have demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million.
The authorities wrote in the notice that BlackSuit actors have exhibited a willingness to negotiate payment amounts. "Ransom amounts are not part of the initial ransom note but require direct interaction with the threat actor via a .onion URL provided after encryption," they explained.
BlackSuit conducts data exfiltration and extortion prior to encryption and, if a ransom is not paid, publishes victim data to a leak site on the dark web.
BlackSuit ransomware is a rebrand of the infamous Royal ransomware group, which was active between September 2022 and June 2023. According to the authorities, BlackSuit shares numerous coding similarities with Royal ransomware and has exhibited improved capabilities.