The FBI and CISA have issued a warning about BlackSuit ransomware, which has demanded ransoms totaling up to $500 million, with some individual demands reaching as high as $60 million. BlackSuit, an evolution of Royal ransomware, has targeted critical infrastructure across various sectors, including healthcare, government, and manufacturing.
The ransomware gains initial access through phishing, disables antivirus software, and exfiltrates data before encrypting systems. Other infection vectors include Remote Desktop Protocol (RDP), vulnerable internet-facing applications, and access purchased from initial access brokers. BlackSuit actors use legitimate remote monitoring and management tools and malware such as SystemBC and GootLoader to maintain persistence and move through networks. They also employ credential-stealing tools such as Mimikatz and NirSoft's password harvesters. A recent trend involves BlackSuit actors making direct contact with victims via phone or email to escalate pressure, a tactic increasingly observed among ransomware groups. These actors have also threatened secondary victims and assessed stolen data for illegal activities to coerce payment and inflict reputational damage.
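The behaviours in the paragraph above (RDP entry, antivirus tampering, credential-theft tooling) are each individually noisy but together form a recognisable pre-encryption sequence. The script below is an added example of per-host correlation over constructed log events; it is not code from the advisory or from any vendor. The event format, field names, the antivirus service names and the NirSoft-style tool names in the regex are all assumptions made for this illustration, not indicators published on the page.

```python
"""Correlate constructed logon/service/process events into per-host findings.

A host is escalated when two or more distinct BlackSuit-style behaviours
appear: an RDP logon from outside the internal ranges, an antivirus
service being stopped, or a credential-harvesting tool being launched.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample telemetry (not real data). Field layout is an assumption.
SAMPLE_EVENTS = [
    {"ts": "2024-08-07T02:11:04Z", "host": "fs01", "kind": "logon",
     "detail": "type=10 user=svc_backup src=203.0.113.45"},
    {"ts": "2024-08-07T02:13:22Z", "host": "fs01", "kind": "service",
     "detail": "name=WinDefend state=stopped"},
    {"ts": "2024-08-07T02:15:09Z", "host": "fs01", "kind": "process",
     "detail": r"image=C:\Users\Public\mimikatz.exe"},
    {"ts": "2024-08-07T02:20:41Z", "host": "ws17", "kind": "logon",
     "detail": "type=10 user=jdoe src=10.20.4.8"},
    {"ts": "2024-08-07T02:21:03Z", "host": "ws17", "kind": "process",
     "detail": r"image=C:\Windows\System32\notepad.exe"},
    {"ts": "2024-08-07T02:25:55Z", "host": "ws17", "kind": "process",
     "detail": r"image=C:\Temp\WebBrowserPassView.exe"},
]

# RFC 1918 ranges treated as "inside"; anything else is external for RDP purposes.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed service names worth watching for stop events (antivirus / firewall).
AV_SERVICES = {"windefend", "mpssvc"}

# Mimikatz plus a few NirSoft password-recovery utility names; assumed list.
CRED_TOOLS = re.compile(r"(mimikatz|webbrowserpassview|mailpv|netpass)", re.I)


def parse_detail(detail):
    """Turn 'k=v k=v' into a dict; values may contain '=' after the first."""
    return dict(kv.split("=", 1) for kv in detail.split())


def is_internal(ip_text):
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in INTERNAL_NETS)


def classify(event):
    """Map one event to a behaviour category, or None if uninteresting."""
    f = parse_detail(event["detail"])
    kind = event["kind"]
    # Logon type 10 is RemoteInteractive, i.e. an RDP session.
    if kind == "logon" and f.get("type") == "10":
        return None if is_internal(f.get("src", "0.0.0.0")) else "external_rdp"
    if (kind == "service" and f.get("state") == "stopped"
            and f.get("name", "").lower() in AV_SERVICES):
        return "av_disabled"
    if kind == "process" and CRED_TOOLS.search(f.get("image", "")):
        return "credential_tool"
    return None


def correlate(events):
    """Group categorised events by host, in time order, and flag escalation."""
    findings = defaultdict(lambda: {"categories": [], "first": None, "last": None})
    for ev in sorted(events, key=lambda e: e["ts"]):
        cat = classify(ev)
        if cat is None:
            continue
        h = findings[ev["host"]]
        if cat not in h["categories"]:
            h["categories"].append(cat)
        h["first"] = h["first"] or ev["ts"]
        h["last"] = ev["ts"]
    for h in findings.values():
        h["escalate"] = len(h["categories"]) >= 2
    return dict(findings)


if __name__ == "__main__":
    for host, h in correlate(SAMPLE_EVENTS).items():
        flag = "ESCALATE" if h["escalate"] else "watch"
        print(f"{host}: {flag} {h['categories']} ({h['first']} .. {h['last']})")
```

On the sample data, fs01 collects all three categories within a few minutes and is escalated, while ws17 shows only the credential tool (its RDP logon came from an internal address) and is merely watch-listed. In practice the interesting signal is the ordering, external entry followed by antivirus tampering and then credential theft, so the first/last timestamps are worth surfacing alongside the category list.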
The rise of new ransomware families like Lynx and OceanSpy and evolving tactics among existing groups, such as Hunters International's use of SharpRhino malware, underscores the growing threat landscape. Claiming to be a rebranding of the Hive ransomware gang, Hunters International has already acknowledged 134 attacks in 2024. As ransomware tactics evolve, organizations are urged to enhance their cybersecurity measures and remain vigilant against these sophisticated threats.