What is going on on?
A cybercriminal group calling itself BlackSuit has claimed accountability for a collection of ransomware assaults, together with breaches at faculties in central Georgia.
And earlier within the yr, a zoo in Tampa Bay was focused by the identical hacking gang.
In the meantime, liberal arts faculty DePauw College in Indiana says that it was not too long ago focused, and a “restricted quantity of knowledge on particular people was accessed.” 214GB of stolen knowledge has since been made obtainable for obtain on BlackSuit’s extortion web site on the darkish internet.
How come I have never heard of BlackSuit earlier than?
Likelihood is that in case you’re curious about cybersecurity, you are not an entire stranger to BlackSuit. Though BlackSuit first appeared in Could 2023, it seems to have sturdy hyperlinks to the Royal ransomware gang, which itself was born out of the stays of the infamous Conti group.
Are you suggesting that BlackSuit is a rebranding of the Royal and Conti ransomware teams?
It isn’t simply me. Final month the US Division of Well being and Human Companies (HHS) issued an advisory to the healthcare and public well being sector about BlackSuit that described its “hanging parallels” to Royal, and stated it was the “direct successor to the infamous Russian-linked Conti operation.”
The HHS warned that BlackSuit was “a risk actor to be intently watched within the close to future”.
So is BlackSuit one other ransomware-as-a-service (RaaS) operation?
Not presently. Proper now, it can’t be thought-about ransomware-as-a-service as there are no recognized associates of BlackSuit. After all, that may change sooner or later – however it’s attainable that the malicious hackers behind BlackSuit are joyful conserving their weapon (and the income it generates) to themselves.
How will I do know that my organisation has been hit by BlackSuit?
BlackSuit encrypts recordsdata in your Linux and Home windows techniques and appends a “.blacksuit” extension to affected recordsdata. It additionally adjustments your desktop wallpaper, and drops a ransom word (named “README.BlackSuit.txt”.
Ought to I pay the ransom?
That is the six million greenback query. Or ought to that be the 139 Bitcoins query? 🙂
It is true to say that paying ransoms encourages ransomware attackers. If no organisations ever paid up, there wouldn’t be ransomware assaults. So, paying the malicious individuals trying to extort your organization is deeply unattractive.
Nonetheless, not paying just isn’t a straightforward choice for any sufferer to make. Even when they’ve a safe, unencrypted backup of their necessary knowledge to rebuild their techniques from, they may nonetheless should deal with the attainable fall-out when delicate details about their enterprise, their workers, their suppliers, and their clients is launched into the general public area by the criminals.
The repercussions of an information leak aren’t simply probably authorized, however an organization’s public picture and model popularity could also be severely tarnished by hackers that publish exfiltrated knowledge.
Finally, there is no such thing as a good choice – solely a selection between two disagreeable choices.
So, what motion ought to I take proper now?
The most effective factor to do is to make sure that you’ve hardened defences in place earlier than a ransomware assault, to cut back the probabilities of it succeeding and limiting any potential affect on your online business.
The FBI and CISA have revealed mitigation steering and a spread of IOCs for each the Royal and BlackSuit ransomware households.
As well as, it could be smart to comply with our suggestions on learn how to defend your organisation from different ransomware.
These embrace:
- making safe offsite backups.
- working up-to-date safety options and guaranteeing that your computer systems are protected with the newest safety patches towards vulnerabilities.
- Limit an attacker’s skill to unfold laterally via your organisation through community segmentation.
- utilizing hard-to-crack distinctive passwords to guard delicate knowledge and accounts, in addition to enabling multi-factor authentication.
- encrypting delicate knowledge wherever attainable.
- decreasing the assault floor by disabling performance that your organization doesn’t want.
- educating and informing workers concerning the dangers and strategies utilized by cybercriminals to launch assaults and steal knowledge.
Keep secure, and do not permit your organisation to be the subsequent sufferer to fall foul of the BlackSuit ransomware group.
Editor’s Be aware: The opinions expressed on this visitor writer article are solely these of the contributor, and don’t essentially replicate these of Tripwire.
