What's going on?
A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia.
And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang.
Meanwhile, liberal arts college DePauw University in Indiana says that it was recently targeted, and a “limited amount of data on specific individuals was accessed.” 214GB of stolen data has since been made available for download on BlackSuit’s extortion site on the dark web.
How come I haven’t heard of BlackSuit before?
Chances are that if you’re interested in cybersecurity, you’re not a complete stranger to BlackSuit. Although BlackSuit first appeared in May 2023, it appears to have strong links to the Royal ransomware gang, which itself was born out of the remains of the notorious Conti group.
Are you suggesting that BlackSuit is a rebranding of the Royal and Conti ransomware groups?
It isn’t just me. Last month the US Department of Health and Human Services (HHS) issued an advisory to the healthcare and public health sector about BlackSuit that described its “striking parallels” to Royal, and said it was the “direct successor to the notorious Russian-linked Conti operation.”
The HHS warned that BlackSuit was “a threat actor to be closely watched in the near future”.
So is BlackSuit another ransomware-as-a-service (RaaS) operation?
Not currently. Right now, it can’t be considered ransomware-as-a-service, as there are no known affiliates of BlackSuit. Of course, that might change in the future – but it’s possible that the malicious hackers behind BlackSuit are happy keeping their weapon (and the profits it generates) to themselves.
How will I know that my organisation has been hit by BlackSuit?
BlackSuit encrypts files on your Linux and Windows systems and appends a “.blacksuit” extension to affected files. It also changes your desktop wallpaper, and drops a ransom note (named “README.BlackSuit.txt”).
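The two on-disk indicators named above (the “.blacksuit” extension and the “README.BlackSuit.txt” note) are easy to sweep for during triage. The script below is an added example written for this article, not code from the original page or from any vendor tooling; it assumes only those two indicators, builds a small constructed directory tree to run against offline, and returns the findings rather than printing them so they can be fed into a ticket or a SIEM. It finds artefacts of an attack that has already run, so it is a detection and scoping aid, not a preventive control.

```python
"""Added example (not from the original article): sweep a filesystem for the
two BlackSuit artefacts the text names, ".blacksuit"-suffixed files and a
ransom note called "README.BlackSuit.txt". Only the artefacts are detected,
not the malware itself, so this is a post-incident triage aid."""
import os
import tempfile
from pathlib import Path

RANSOM_NOTE = "README.BlackSuit.txt"   # note name as reported in the text
ENCRYPTED_SUFFIX = ".blacksuit"        # extension appended to encrypted files


def scan_for_blacksuit(root):
    """Walk `root` and return {'encrypted': [...], 'notes': [...], 'dirs_hit': n}.

    Paths are returned relative to root so the output is portable between
    hosts. Symlinks are not followed, to avoid loops and to keep the sweep
    confined to the tree that was asked for.
    """
    root = Path(root)
    encrypted, notes, dirs_hit = [], [], set()
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            rel = str(Path(dirpath, name).relative_to(root))
            # Compare case-insensitively: the casing above is what the article
            # reports, but a hunt should tolerate variations.
            if name.lower() == RANSOM_NOTE.lower():
                notes.append(rel)
                dirs_hit.add(dirpath)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(rel)
                dirs_hit.add(dirpath)
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "dirs_hit": len(dirs_hit)}


def is_likely_blacksuit(result, min_encrypted=1):
    """Treat a ransom note plus at least one renamed file as a positive.
    A lone file with the suffix could be a test artefact or a sample; a lone
    note with nothing encrypted is worth a look but not an automatic verdict."""
    return bool(result["notes"]) and len(result["encrypted"]) >= min_encrypted


def build_sample_tree(base):
    """Constructed sample data (not real victim files): a share with two
    encrypted files, one note and some untouched files."""
    base = Path(base)
    (base / "finance").mkdir(parents=True)
    (base / "hr").mkdir()
    (base / "finance" / "budget.xlsx.blacksuit").write_bytes(b"\x00" * 16)
    (base / "finance" / RANSOM_NOTE).write_text("constructed note\n")
    (base / "hr" / "payroll.csv.blacksuit").write_bytes(b"\x00" * 16)
    (base / "hr" / "policy.pdf").write_bytes(b"%PDF-1.4 constructed")
    (base / "readme.txt").write_text("unaffected\n")
    return base


def demo():
    """Build the constructed tree in a temp dir, scan it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_for_blacksuit(tmp)
        return result, is_likely_blacksuit(result)


if __name__ == "__main__":
    res, hit = demo()
    print(f"encrypted={len(res['encrypted'])} notes={len(res['notes'])} "
          f"dirs={res['dirs_hit']} likely_blacksuit={hit}")
```

Run it against a real share by calling `scan_for_blacksuit("/mnt/share")` from an isolated analysis host with read-only access; the `dirs_hit` count gives a quick sense of blast radius before the full file list is reviewed.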
Should I pay the ransom?
That is the six million dollar question. Or should that be the 139 Bitcoins question? 🙂
It is true to say that paying ransoms encourages ransomware attackers. If no organisations ever paid up, there wouldn’t be ransomware attacks. So, paying the malicious people attempting to extort your company is deeply unattractive.
However, not paying isn’t an easy decision for any victim to make. Even if they have a secure, unencrypted backup of their important data to rebuild their systems from, they will still have to deal with the potential fall-out when sensitive information about their business, their staff, their suppliers, and their customers is released into the public domain by the criminals.
The repercussions of a data leak are not just potentially legal: a company’s public image and brand reputation may be seriously tarnished by hackers who publish exfiltrated data.
Ultimately, there is no good decision – only a choice between two unpleasant options.
So, what action should I take right now?
The best thing to do is to ensure that you have hardened defences in place before a ransomware attack, to reduce the chances of it succeeding and to limit any potential impact on your business.
The FBI and CISA have published mitigation guidance and a range of IOCs for both the Royal and BlackSuit ransomware families.
In addition, it would be wise to follow our recommendations on how to protect your organisation from other ransomware.
These include:
- making secure offsite backups.
- running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.
- restricting an attacker’s ability to spread laterally through your organisation via network segmentation.
- using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
- encrypting sensitive data wherever possible.
- reducing the attack surface by disabling functionality that your company doesn’t need.
- educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data.
Stay safe, and don’t allow your organisation to be the next victim to fall foul of the BlackSuit ransomware group.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.