What is going on?
A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia.
And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang.
Meanwhile, liberal arts college DePauw University in Indiana says that it was recently targeted, and a “limited amount of data on specific individuals was accessed.” 214GB of stolen data has since been made available for download on BlackSuit’s extortion site on the dark web.
How come I haven’t heard of BlackSuit before?
Chances are that if you’re interested in cybersecurity, you are not a complete stranger to BlackSuit. Although BlackSuit first appeared in May 2023, it appears to have strong links to the Royal ransomware gang, which itself was born out of the remains of the notorious Conti group.
Are you suggesting that BlackSuit is a rebranding of the Royal and Conti ransomware groups?
It isn’t just me. Last month the US Department of Health and Human Services (HHS) issued an advisory to the healthcare and public health sector about BlackSuit that described its “striking parallels” to Royal, and said it was the “direct successor to the notorious Russian-linked Conti operation.”
The HHS warned that BlackSuit was “a threat actor to be closely watched in the near future”.
So is BlackSuit another ransomware-as-a-service (RaaS) operation?
Not currently. Right now, it cannot be considered ransomware-as-a-service as there are no known affiliates of BlackSuit. Of course, that may change in the future, but it’s possible that the malicious hackers behind BlackSuit are happy keeping their weapon (and the revenue it generates) to themselves.
How will I know that my organisation has been hit by BlackSuit?
BlackSuit encrypts files on your Linux and Windows systems and appends a “.blacksuit” extension to affected files. It also changes your desktop wallpaper, and drops a ransom note (named “README.BlackSuit.txt”).
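As an added illustration (not code from the article or from Tripwire), the following Python script walks a directory tree looking for the two on-disk indicators just described, the “.blacksuit” extension and a “README.BlackSuit.txt” note, and runs against a constructed sample tree. The function and sample file names are assumptions made for the example.

```python
"""Added example (not from the article): scan a directory tree for the
on-disk indicators the article describes for a BlackSuit infection,
i.e. files renamed with a ".blacksuit" extension and ransom notes named
"README.BlackSuit.txt". Quick triage for responders, not a replacement
for EDR telemetry or the official FBI/CISA IOC list."""
import os
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".blacksuit"          # extension appended to encrypted files
RANSOM_NOTE = "README.BlackSuit.txt"  # ransom note dropped by the malware


def scan_for_blacksuit_indicators(root):
    """Walk `root` and return a summary of the indicators found."""
    root = Path(root)
    encrypted, notes = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            rel = (Path(dirpath) / name).relative_to(root).as_posix()
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(rel)
            elif name.lower() == RANSOM_NOTE.lower():
                notes.append(rel)
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        # Either indicator alone is worth escalating; both together is a
        # strong sign of an active or completed BlackSuit encryption run.
        "suspected_infection": bool(encrypted) or bool(notes),
    }


def build_sample_tree():
    """Create a constructed directory mimicking a partially encrypted share."""
    root = Path(tempfile.mkdtemp(prefix="blacksuit_demo_"))
    (root / "finance").mkdir()
    (root / "finance" / "budget.xlsx.blacksuit").write_bytes(b"\x00" * 16)
    (root / "finance" / RANSOM_NOTE).write_text("constructed ransom note\n")
    (root / "hr").mkdir()
    (root / "hr" / "staff.docx").write_bytes(b"PK\x03\x04")  # untouched file
    return root


if __name__ == "__main__":
    result = scan_for_blacksuit_indicators(build_sample_tree())
    for key, value in result.items():
        print(f"{key}: {value}")
```

A hit on either indicator should trigger isolation of the host and a wider sweep of file shares, since the renamed files show where the encryption run has already reached.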
Should I pay the ransom?
That is the six million dollar question. Or should that be the 139 Bitcoins question? 🙂
It is true to say that paying ransoms encourages ransomware attackers. If no organisations ever paid up, there wouldn’t be ransomware attacks. So, paying the malicious people attempting to extort your company is deeply unattractive.
However, not paying is not an easy decision for any victim to make. Even if they have a secure, unencrypted backup of their important data to rebuild their systems from, they will still have to deal with the potential fall-out when sensitive information about their business, their staff, their suppliers, and their customers is released into the public domain by the criminals.
The repercussions of a data leak aren’t just potentially legal: a company’s public image and brand reputation may also be severely tarnished by hackers that publish exfiltrated data.
Ultimately, there is no good option, only a choice between two unpleasant options.
So, what action should I take right now?
The best thing to do is to ensure that you have hardened defences in place before a ransomware attack, to reduce the chances of it succeeding and to limit any potential impact on your business.
The FBI and CISA have published mitigation guidance and a range of IOCs for both the Royal and BlackSuit ransomware families.
In addition, it would be wise to follow our recommendations on how to protect your organisation from other ransomware.
These include:
- making secure offsite backups.
- running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.
- restricting an attacker’s ability to spread laterally through your organisation via network segmentation.
- using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
- encrypting sensitive data wherever possible.
- reducing the attack surface by disabling functionality that your company doesn’t need.
- educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data.
Stay safe, and don’t allow your organisation to be the next victim to fall foul of the BlackSuit ransomware group.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.