BlackSuit ransomware – what you need to know


What's going on?

A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia.

And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang.

Meanwhile, liberal arts college DePauw University in Indiana says that it was recently targeted, and a “limited amount of data on specific individuals was accessed.” 214GB of stolen data has since been made available for download on BlackSuit’s extortion site on the dark web.

How come I haven't heard of BlackSuit before?

Chances are that if you’re interested in cybersecurity, you are not a complete stranger to BlackSuit. Although BlackSuit first appeared in May 2023, it appears to have strong links to the Royal ransomware gang, which itself was born out of the remains of the notorious Conti group.

Are you suggesting that BlackSuit is a rebranding of the Royal and Conti ransomware groups?

It isn’t just me. Last month the US Department of Health and Human Services (HHS) issued an advisory to the healthcare and public health sector about BlackSuit that described its “striking parallels” to Royal, and said it was the “direct successor to the notorious Russian-linked Conti operation.”

The HHS warned that BlackSuit was “a threat actor to be closely watched in the near future”.

So is BlackSuit another ransomware-as-a-service (RaaS) operation?

Not currently. Right now, it can’t be considered ransomware-as-a-service, as there are no known affiliates of BlackSuit. Of course, that might change in the future – but it’s possible that the malicious hackers behind BlackSuit are happy keeping their weapon (and the revenue it generates) to themselves.

How will I know that my organisation has been hit by BlackSuit?

BlackSuit encrypts files on your Linux and Windows systems and appends a “.blacksuit” extension to affected files. It also changes your desktop wallpaper, and drops a ransom note (named “README.BlackSuit.txt”).
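The two file-system artefacts named above (the “.blacksuit” extension and the “README.BlackSuit.txt” ransom note) are easy to sweep for on a file share or host you suspect has been touched. The following script is an added example written for this article, not a tool from the article’s author, Tripwire, or any official advisory: the function names, the constructed sample directory tree and the “alert on either indicator” rule are this example’s own assumptions. It walks a directory tree, collects both indicators case-insensitively (Windows file systems ignore case), and reports the most affected directory.

```python
"""Added example (not from the original article): sweep a directory tree for
the two BlackSuit file-system indicators the article names - files renamed
with a ".blacksuit" extension and ransom notes called "README.BlackSuit.txt".
The function names, sample tree and alert rule are assumptions made for this
example, not an official detection rule."""
import os
import tempfile
from collections import Counter
from dataclasses import dataclass, field

ENCRYPTED_EXT = ".blacksuit"          # extension appended to encrypted files
RANSOM_NOTE = "README.BlackSuit.txt"  # ransom note dropped into directories


@dataclass
class SweepResult:
    encrypted_files: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)
    per_dir: Counter = field(default_factory=Counter)  # encrypted files per directory

    @property
    def hit(self) -> bool:
        # Either indicator on its own is decisive: a single ransom note or a
        # single renamed file should already page the on-call responder.
        return bool(self.encrypted_files or self.ransom_notes)


def sweep(root: str) -> SweepResult:
    """Walk `root` and collect BlackSuit file-system indicators."""
    result = SweepResult()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            # Case-insensitive matching: Windows file systems ignore case,
            # and the capitalisation of the extension varies between reports.
            if lowered == RANSOM_NOTE.lower():
                result.ransom_notes.append(path)
            elif lowered.endswith(ENCRYPTED_EXT):
                result.encrypted_files.append(path)
                result.per_dir[dirpath] += 1
    return result


def build_sample_tree() -> str:
    """Create a constructed sample tree: a clean share and a hit share."""
    root = tempfile.mkdtemp(prefix="blacksuit-demo-")
    clean = os.path.join(root, "hr")
    hit = os.path.join(root, "finance", "2023")
    os.makedirs(clean)
    os.makedirs(hit)
    for name in ("policy.docx", "README.txt"):          # benign look-alikes
        open(os.path.join(clean, name), "w").close()
    for name in ("q3.xlsx.blacksuit", "budget.pdf.BLACKSUIT", RANSOM_NOTE):
        open(os.path.join(hit, name), "w").close()
    return root


def summarise(result: SweepResult) -> str:
    """One-line verdict suitable for a ticket or alert body."""
    if not result.hit:
        return "no BlackSuit indicators found"
    worst_dir, count = (result.per_dir.most_common(1)[0]
                        if result.per_dir else ("-", 0))
    return (f"ALERT: {len(result.encrypted_files)} encrypted file(s), "
            f"{len(result.ransom_notes)} ransom note(s); "
            f"most affected directory: {worst_dir} ({count})")


if __name__ == "__main__":
    # Runs against the constructed sample tree; point sweep() at a real
    # mount to use it in anger.
    print(summarise(sweep(build_sample_tree())))
```

A sweep like this confirms an infection; it does not detect one early. The wallpaper change and the note drop happen after encryption has started, so for early warning pair it with the behavioural telemetry (mass file renames, shadow-copy deletion) in the FBI/CISA guidance mentioned later in this article.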

Should I pay the ransom?

That's the six million dollar question. Or should that be the 139 Bitcoins question? 🙂

It is true to say that paying ransoms encourages ransomware attackers. If no organisations ever paid up, there wouldn’t be ransomware attacks. So, paying the malicious people attempting to extort your company is deeply unattractive.

However, not paying is not an easy decision for any victim to make. Even if they have a secure, unencrypted backup of their critical data to rebuild their systems from, they will still have to deal with the possible fall-out when sensitive information about their business, their employees, their suppliers, and their customers is released into the public domain by the criminals.

The repercussions of a data leak are not just potentially legal; a company’s public image and brand reputation may also be severely tarnished by hackers who publish exfiltrated data.

Ultimately, there is no good option – only a choice between two unpleasant ones.

So, what action should I take right now?

The best thing to do is to ensure that you have hardened defences in place before a ransomware attack, to reduce the chances of it succeeding and to limit any potential impact on your business.

The FBI and CISA have published mitigation guidance and a range of IOCs for both the Royal and BlackSuit ransomware families.

In addition, it would be wise to follow our recommendations on how to protect your organisation from other ransomware.

These include:

  • making secure offsite backups.
  • running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.
  • restricting an attacker’s ability to spread laterally through your organisation via network segmentation.
  • using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
  • encrypting sensitive data wherever possible.
  • reducing the attack surface by disabling functionality that your company doesn’t need.
  • educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data.

Stay safe, and don't allow your organisation to be the next victim to fall foul of the BlackSuit ransomware group.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.
