Blacksuit

Malware Profile Updated 25 days ago
BlackSuit is a ransomware family that has caused significant disruption in the U.S., particularly within the healthcare sector. It is believed to be a rebranding of the Royal ransomware gang, itself a descendant of the Russian Conti gang. Notably, BlackSuit appears to run its extortion operations independently rather than following the ransomware-as-a-service model adopted by its predecessors. Its modus operandi is to infiltrate systems, often over HTTP/S, and then hold data hostage for ransom. The threat became prominent in January, when the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center warned healthcare entities about potential BlackSuit attacks.

The malware has had a significant impact on a range of organizations. Among its victims are the Group Health Cooperative of South Central Wisconsin (GHC-SCW), a provider of insurance and primary and specialty care services, and East Central University (ECU) in Ada, Oklahoma. GHC-SCW was contacted by the foreign ransomware gang claiming responsibility for the attack and data theft, and the BlackSuit gang subsequently added the cooperative to its Tor leak site in March. As of a recent report, the dark web monitoring website Darkfeed had identified 52 BlackSuit victims.

More recently, the U.S. operations of Swiss pharmaceutical maker Octapharma Plasma reportedly fell victim to a BlackSuit ransomware infection. The company was forced to shut down nearly 200 blood plasma donation centers due to "network issues" suspected to have been caused by the BlackSuit ransomware gang. Although Octapharma Plasma has not yet responded to requests for comment on the incident, these developments further underscore the serious threat BlackSuit poses to organizations across sectors.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Conti | 7 | Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malicious software has been used in conjunction with other forms of malware such as Trickbot, BazarLoader, IcedID, and Cobalt S
Royal Ransomware | 7 | Royal Ransomware, a harmful malware created by former members of the Conti group, was involved in multiple high-profile attacks against critical infrastructure. Its operations were characterized by multi-threaded encryption and it often left a ransom note after infecting systems. Notably, the Royal
Alphv | 3 | AlphV, also known as BlackCat, is a significant threat actor within the cybercrime landscape. Throughout 2023, AlphV has been responsible for numerous high-profile ransomware attacks, stealing significant amounts of data from various organizations. The group claimed responsibility for hacking Clario
Blackbasta | 2 | BlackBasta is a notorious malware, specifically a ransomware, that has been actively exploiting and damaging computer systems since its first appearance in April 2022. The ransomware primarily used SharpDepositorCrypter as its loader throughout most of 2022, often in conjunction with other malicious
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Extortion
Windows
Linux
Health
Exploit
Esxi
Encryption
Ransom
Loader
Malware
Associated Malware
ID | Type | Votes | Profile Description
Akira | Unspecified | 2 | Akira is a compact C++ ransomware that has wreaked havoc across various sectors, impacting over 60 organizations globally. It is compatible with both Windows and Linux systems and is known for its minimalistic JQuery Terminal-based hidden service used for victim communication. The malware enters you
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Blacksuit malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
Trend Micro | a year ago | Investigating BlackSuit Ransomware's Similarities to Royal
CERT-EU | a year ago | Investigating BlackSuit Ransomware's Similarities to Royal | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | a year ago | Cactus Ransomware, BlackSuit, and more: Hacker's Playbook Threat Coverage Round-up: June 29, 2023
CERT-EU | 6 months ago | FBI and CISA Say the Royal Ransomware Group May Rebrand
CERT-EU | a year ago | Tampa Bay zoo targeted in cyberattack by apparent offshoot of Royal ransomware
Unit42 | 4 months ago | Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
CERT-EU | 6 months ago | FBI: Royal ransomware asked 350 victims to pay $275 million
CERT-EU | 6 months ago | Royal ransomware gang's demands top $275M from 350-plus victims in a year
BankInfoSecurity | a month ago | Suspected Attack Shuts Down US Blood Plasma Donation Centers
CERT-EU | 6 months ago | Royal ransomware may soon rebrand, BlackSuit links confirmed
Pulsedive | 5 months ago | Pulsedive Blog | 2023 in Review
Securityaffairs | 4 months ago | Yearly Intel Trend Review: The 2023 RedSense report
CERT-EU | 6 months ago | How Groveport Madison is fighting a hacker breach | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 6 months ago | BlackSuit ransomware – what you need to know
Malwarebytes | a year ago | Ransomware review: June 2023
CERT-EU | 6 months ago | Ransomware attacks hurting hospitals | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | a year ago | The latest detected cyberattacks | 13 June 2023
Checkpoint | 5 months ago | 18th December – Threat Intelligence Report - Check Point Research
CERT-EU | 6 months ago | US says Royal ransomware gang plans 'Blacksuit' rebrand
CERT-EU | 6 months ago | Schools in Maine, Indiana and Georgia contend with ransomware attacks