BlackSuit Ransomware Gang: The New Face of an Old Threat

Calling and intimidating its victims
Ryan Uliss
Contributing Writer

The ransomware group formerly known as Royal has rebranded itself as BlackSuit, continuing its legacy of high-stakes cyber extortion. According to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), this newly renamed group has already demanded over $500 million in ransom since its rebranding.

The BlackSuit group employs sophisticated techniques to breach systems, disable security measures, and exfiltrate data, culminating in ransom demands that have reached up to $60 million per individual attack. The group first gained significant attention following its attack on Dallas, Texas, in 2023, which disrupted emergency services, courts, and government operations. Since then, BlackSuit has continued to target a wide range of sectors, including a massive attack on the automotive industry earlier this year, primarily using phishing emails and remote tools to gain initial access and execute its ransomware campaigns.

BlackSuit stands out for its willingness to directly contact its victims.

The gang has been reported to reach out to leaders at hacked companies via email and phone as a pressure tactic to intimidate and negotiate the payment of their steep ransom demands. However, industry experts argue that this tactic is largely ineffective, as factors such as regulatory concerns and business downtime play a much larger role in determining whether or not a ransom is paid.

The FBI and CISA have recently updated their advisory to include comprehensive technical details to help organizations detect and mitigate BlackSuit attacks.

Why It Matters: The BlackSuit ransomware gang poses a critical risk to both the public and private sectors. The attack on Dallas, which disrupted essential services, underscores their potential for severe disruption to critical infrastructure. Coupled with their extreme financial demands, their pattern of breaching sophisticated security systems, and direct victim intimidation, BlackSuit demonstrates a ruthless determination to achieve their goals.

  • Targeted Sectors and Attack Vectors: BlackSuit has attacked multiple critical infrastructure sectors, including healthcare, government facilities, and manufacturing. Their primary attack vector remains phishing emails, which they use to gain initial access before disabling security software and deploying ransomware.
  • Technical Capabilities and Tactics: The group uses legitimate tools and compromised accounts to navigate victim networks, deactivate antivirus protections, and maintain persistent access. They have employed software like SystemBC, GootLoader, Mimikatz, and RMM tools to further their reach within compromised systems.
  • Direct Victim Communication: BlackSuit has adopted new pressure tactics, including contacting victims via phone and email to negotiate ransom payments. This method aims to increase the psychological pressure on victims to pay the ransom.
  • Impact on Cyber Hygiene Awareness: The rise of ransomware groups like BlackSuit has prompted greater awareness and prioritization of cybersecurity among organizations. CISA Director Jen Easterly recently highlighted the growing recognition of the need for effective cyber hygiene practices to protect communities and businesses from this newest wave of ruthless ransomware groups.

Go Deeper -> FBI and CISA Warn of BlackSuit Ransomware That Demands Up to $500 Million – The Hacker News

Royal Ransomware Successor BlackSuit has Demanded More Than $500 Million – The Record
