International Law Enforcement Takes Down BlackSuit Ransomware Group
International law enforcement has struck a blow against the BlackSuit ransomware group. The gang, active since April 2023, is believed to be a rebrand of Royal ransomware. They've targeted critical infrastructure sectors, demanding ransoms of up to $10 million USD.
The BlackSuit group uses a range of tools to steal credentials and map networks, including Mimikatz, NirSoft, SharpShares, and SoftPerfect NetWorx. They gain initial access through phishing, by exploiting vulnerabilities, or by using access brokers. Once in, they encrypt data and demand high ransoms, typically paid in Bitcoin.
The group operates a Tor leak site to publish victim data if ransoms aren't paid. However, an international operation, 'Checkmate,' has seized their dark web data leak site. The FBI and CISA have released a report providing Indicators of Compromise (IoCs) to help organizations identify and respond to BlackSuit ransomware incidents.
The BlackSuit ransomware group's activities have been disrupted, but organizations must remain vigilant. The seized dark web sites and the IoCs provided by the FBI and CISA can aid detection and response efforts. Implementing the FBI and CISA recommendations can help reduce the likelihood and impact of future ransomware incidents.