What’s going on?
A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia.
And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang.
Meanwhile, liberal arts college DePauw University in Indiana says that it was recently targeted, and a “limited amount of data on specific individuals was accessed.” 214GB of stolen data has since been made available for download on BlackSuit’s extortion site on the dark web.
How come I haven’t heard of BlackSuit before?
Chances are that if you’re interested in cybersecurity, you’re not a complete stranger to BlackSuit. Although BlackSuit first appeared in May 2023, it appears to have strong links to the Royal ransomware gang, which itself was born out of the remains of the notorious Conti group.
Are you suggesting that BlackSuit is a rebranding of the Royal and Conti ransomware groups?
It’s not just me. Last month the US Department of Health and Human Services (HHS) issued an advisory to the healthcare and public health sector about BlackSuit that described its “striking parallels” to Royal, and said it was the “direct successor to the notorious Russian-linked Conti operation.”
The HHS warned that BlackSuit was “a threat actor to be closely watched in the near future”.
So is BlackSuit another ransomware-as-a-service (RaaS) operation?
Not currently. Right now, it can’t be considered ransomware-as-a-service as there are no known affiliates of BlackSuit. Of course, that may change in the future – but it’s possible that the malicious hackers behind BlackSuit are happy keeping their weapon (and the profits it generates) to themselves.
How will I know that my organisation has been hit by BlackSuit?
BlackSuit encrypts files on your Linux and Windows systems and appends a “.blacksuit” extension to affected files. It also changes your desktop wallpaper, and drops a ransom note (named “README.BlackSuit.txt”).
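A quick triage scan for the two file-system indicators named above (the “.blacksuit” extension and the “README.BlackSuit.txt” note), added here as an example and not code from the article or from Tripwire. It builds a constructed sample tree in a temporary directory, walks it, and reports which directories hold a note and which original file types were encrypted.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article: encrypted files gain a ".blacksuit"
# extension and a ransom note named "README.BlackSuit.txt" is dropped.
ENCRYPTED_EXT = ".blacksuit"
RANSOM_NOTE = "README.BlackSuit.txt"


def scan_for_blacksuit(root):
    """Walk `root` and collect BlackSuit file-system indicators.

    Returns a dict with the encrypted file paths, the ransom note paths,
    and a count of the original extensions seen before encryption, which
    helps triage which kinds of data were hit.
    """
    findings = {"encrypted_files": [], "ransom_notes": [], "hit_extensions": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                findings["ransom_notes"].append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                findings["encrypted_files"].append(path)
                # "q1.xlsx.blacksuit" -> original extension ".xlsx"
                original = name[: -len(ENCRYPTED_EXT)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                findings["hit_extensions"][ext] += 1
    return findings


def build_sample_tree():
    """Constructed sample tree (not real victim data) for a stand-alone run."""
    root = tempfile.mkdtemp(prefix="blacksuit-demo-")
    layout = {
        "finance/q1.xlsx.blacksuit": b"\x00\x01encrypted",
        "finance/q2.xlsx.blacksuit": b"\x00\x02encrypted",
        "finance/README.BlackSuit.txt": b"constructed ransom note text",
        "hr/policy.pdf": b"%PDF-1.4 untouched file",
        "hr/staff.csv.blacksuit": b"\x00\x03encrypted",
    }
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    result = scan_for_blacksuit(build_sample_tree())
    print(f"{len(result['encrypted_files'])} encrypted files, "
          f"{len(result['ransom_notes'])} ransom notes, "
          f"types hit: {dict(result['hit_extensions'])}")
```

Point `scan_for_blacksuit` at a mounted image or a share to get the same summary for a real incident.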
Should I pay the ransom?
That’s the six million dollar question. Or should that be the 139 Bitcoins question? 🙂
It’s true to say that paying ransoms encourages ransomware attackers. If no organisations ever paid up, there wouldn’t be ransomware attacks. So, paying the malicious people attempting to extort your company is deeply unattractive.
However, not paying is not an easy decision for any victim to make. Even if they have a secure, unencrypted backup of their critical data to rebuild their systems from, they will still have to deal with the possible fall-out when sensitive information about their business, their employees, their suppliers, and their customers is released into the public domain by the criminals.
The repercussions of a data leak are not just potentially legal, but a company’s public image and brand reputation may be severely tarnished by hackers that publish exfiltrated data.
Ultimately, there is no good decision – only a choice between two unpleasant options.
So, what action should I take right now?
The best thing to do is to ensure that you have hardened defences in place before a ransomware attack, to reduce the chances of it succeeding and limit any potential impact on your business.
The FBI and CISA have published mitigation guidance and a range of IOCs for both the Royal and BlackSuit ransomware families.
In addition, it would be wise to follow our recommendations on how to protect your organisation from other ransomware.
These include:
- making secure offsite backups.
- running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.
- restricting an attacker’s ability to spread laterally through your organisation via network segmentation.
- using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
- encrypting sensitive data wherever possible.
- reducing the attack surface by disabling functionality that your company doesn’t need.
- educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data.
Stay safe, and don’t allow your organisation to be the next victim to fall foul of the BlackSuit ransomware group.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.