BlackSuit Ransomware: FBI Warns of Critical Infrastructure Attacks
Cybersecurity experts have sounded the alarm on BlackSuit ransomware, a group active since April 2023 and believed to be a rebrand of Royal ransomware. The group has targeted critical infrastructure sectors and demanded hefty ransoms, ranging from $1 million to $10 million USD.
BlackSuit gains entry to networks through phishing, exploitation of vulnerabilities, and purchases from initial access brokers. Once inside, its operators employ tools such as Mimikatz, Nirsoft, SharpShares, and SoftPerfect NetWorx to steal credentials and map networks. They exfiltrate data using Cobalt Strike and malware such as Ursnif. The group maintains a Tor leak site on which it publishes victim data if the ransom is not paid.
The FBI and CISA have issued a report with Indicators of Compromise (IoCs) to help organizations identify and respond to BlackSuit incidents. They encourage implementing their recommendations to reduce the likelihood and impact of ransomware attacks. In August 2024, an international law enforcement operation seized the group's dark web data leak site.
BlackSuit ransomware has proven to be a significant threat, targeting a range of critical sectors. Organizations are urged to stay vigilant and follow the FBI and CISA's guidelines to protect against such attacks. As of current public knowledge, no specific organizations have been publicly named as participants in the international law enforcement campaign against the BlackSuit gang.