Black Suit

Malware Profile Updated 3 months ago
Black Suit is a notable piece of malware that emerged as a rebranding of the Royal ransomware. The connection between the two was established through matching binaries. Designed to exploit and damage computer systems, it has been linked to several cyberattacks, notably against institutions such as DePauw University and Zoo Tampa. The malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it is capable of stealing personal information, disrupting operations, or holding data for ransom.

The Black Suit ransomware operation made headlines when it claimed responsibility for a major attack resulting in the theft of 214 GB of data. In addition, DePauw University, an Indiana-based liberal arts school, suffered a significant data breach on October 31. The breach compromised data from current and prospective students, and the incident was subsequently claimed by the Black Suit operation. The malware's activities underscore its potential to cause serious disruptions and violations of privacy.

In the broader context of cybersecurity, Black Suit, alongside Royal and Akira, is considered a significant beneficiary of Conti's legacy. Its emergence and activity follow a pattern of disruption and rebranding seen with other malicious programs such as Hive ransomware and BlackByte. The latter also underwent a rebranding process similar to Black Suit's, while another malware, NoEscape (formerly Avaddon), executed an exit scam. These events highlight the evolving nature of cyber threats and the importance of robust defenses against them.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Royal Ransomware | 1 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi
Blackbyte | 1 | BlackByte, a threat actor known for its malicious activities, has been on the radar of cybersecurity agencies since its emergence in July 2021. Notorious for targeting critical infrastructure, BlackByte attracted the attention of the Federal Bureau of Investigation (FBI) and the US Secret Service (U
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Scam
University
Associated Malware
ID | Type | Votes | Profile Description
NoEscape | Unspecified | 1 | NoEscape is a malicious software that emerged as a rebrand of 'Avaddon,' known for its successful multi-extortion tactics. In October 2023, the French basketball team ASVEL fell victim to a data breach orchestrated by the NoEscape ransomware gang. This incident was part of a broader trend in the las
Avaddon | Unspecified | 1 | Avaddon is a type of malware, specifically ransomware, designed to exploit and damage computer systems. It was notable for its compatibility with older systems such as Windows XP and Windows 2003, distinguishing it from other ransomware like Darkside and Babuk which targeted more modern systems like
Conti | Unspecified | 1 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
Akira | Unspecified | 1 | Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
Blacksuit | Unspecified | 1 | BlackSuit is a malicious software (malware) that was introduced in May 2023, believed to be a rebranding of the Royal ransomware operation, which itself was a branch of the now-defunct Conti ransomware operation. Various sources have reported similarities in code between Royal and BlackSuit, further
Associated Threat Actors
ID | Type | Votes | Profile Description
Hive Ransomware | Unspecified | 1 | Hive ransomware, a notorious threat actor, emerged as one of the most prolific groups in 2022, executing a series of cyberattacks with malicious intent. This group was responsible for numerous ransomware attacks, causing significant disruptions and damage across various sectors. However, in January
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Black Suit Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | Prince Harry arrives at High Court for hearing against Associated Newspapers over ‘hacking claims’ | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU | a year ago | Tampa Bay zoo targeted in cyberattack by apparent offshoot of Royal ransomware
CERT-EU | 8 months ago | Data breach hits DePauw University after Black Suit ransomware attack | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 8 months ago | DePauw University warns of data breach as ransomware attacks on colleges surge
CERT-EU | 5 months ago | Jan Marsalek an Agent for Russia? The Double Life of the former Wirecard Executive
CERT-EU | 5 months ago | Tackling the new generation of cyber threats | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 6 months ago | Ransomware Activity Surged in 2023, Likely to Evolve in 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 6 months ago | A look back to plan ahead | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting