Blacksuit

Malware Profile Updated 16 days ago
BlackSuit is malware that was introduced in May 2023 and is believed to be a rebranding of the Royal ransomware operation, itself an offshoot of the now-defunct Conti ransomware operation. Several sources have reported code similarities between Royal and BlackSuit, further supporting this theory. The malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations, steal personal information, and hold data hostage for ransom.

In Q1 2024, Symantec's investigations indicated that BlackSuit was responsible for 11% of ransomware attacks, behind LockBit at 32% and Akira at 14%. These findings suggest that attackers using BlackSuit are more likely to advance their attacks to the payload deployment stage. Notably, BlackSuit has been linked to an East European ransomware group, and the malware is typically transferred over HTTP/S.

The BlackSuit ransomware group has been implicated in a significant attack on CDK Global, a major provider of IT and digital marketing solutions to the automotive industry. The group disrupted operations on CDK's SaaS platforms across the United States and Canada, demanding millions of dollars in ransom. While CDK has not confirmed communication with the group, BlackSuit has claimed responsibility for the incident. As of the most recent reports, CDK is considering paying tens of millions in ransom, but the status of the company's restoration efforts and confirmation of the attack's attribution to BlackSuit remain unclear.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Royal Ransomware (8 votes): Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi
Conti (7 votes): Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
Alphv (3 votes): AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car
Blackbasta (2 votes): BlackBasta is a malicious software (malware) known for its disruptive and damaging effects on computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even ho
Threeam (1 vote): ThreeAM, a developing ransomware group first identified by GRIT in September 2023, has been steadily increasing its operational tempo. This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites without the user's k
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Windows
Linux
Malware
Encryption
Ransom
Extortion
Payload
Health
Esxi
Phishing
Exploit
Loader
Hospitals
Exploits
Encrypt
Symantec
Zimbra
Apt
Locker
RaaS
Vulnerability
At
Scams
Vpn
Antivirus
School
Lateral_move...
Infiltration
Openssh
Associated Malware
Akira (type: Unspecified, 2 votes): Akira is a malicious software, or malware, specifically a type of ransomware known for its disruptive and damaging effects. First surfacing in late 2023, it has continued to wreak havoc on various entities, including corporations and industries. This ransomware infects systems through suspicious dow
Lockbit (type: Unspecified, 2 votes): LockBit is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them. It can enter your system through various channels such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt
Black Suit (type: Unspecified, 1 vote): Black Suit is a notable piece of malware that emerged as a rebranding of the Royal ransomware. The connection between the two was established through matching binaries. This malicious software, designed to exploit and damage computer systems, has been linked to several cyberattacks. Notably, Black S
Blacksuit Ransomware (type: Unspecified, 1 vote): None
Cactus (type: Unspecified, 1 vote): Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c
Aresloader (type: Unspecified, 1 vote): AresLoader is a type of malware that was first advertised for sale on the top-tier Russian-language hacking forum XSS in December 2022 by a threat actor named "DarkBLUP". This malicious software is designed to exploit and damage computer systems, often infiltrating through suspicious downloads, emai
Batloader (type: Unspecified, 1 vote): Batloader is a malware downloader posing as installers or updates for legitimate applications such as Microsoft Teams, Zoom, and others. This malicious software can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal
Pikabot (type: Unspecified, 1 vote): PikaBot is a harmful malware that emerged in 2023, designed to exploit and damage computer systems. It infiltrates systems through dubious downloads, emails, or websites, often undetected by the user. Once inside a system, PikaBot can pilfer personal information, disrupt operations, or even ransom d
Darkgate (type: Unspecified, 1 vote): DarkGate is a malicious software (malware) that poses significant threats to computer systems and data. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hos
Associated Threat Actors
Rhysida (type: Unspecified, 1 vote): Rhysida, a threat actor known for executing malicious cyber activities, has been responsible for numerous ransomware attacks. The group has primarily targeted businesses and healthcare organizations, with notable instances including a disruptive attack on Ann & Robert H. Lurie Children's Hospital of
Bianlian (type: Unspecified, 1 vote): BianLian is a threat actor that has been increasingly active in cybercrimes. The group is known for its malicious activities, including the execution of actions with harmful intent. In a series of recent events, BianLian has exploited vulnerabilities in JetBrains TeamCity, a continuous integration a
Associated Vulnerabilities
Citrix Bleed (type: Unspecified, 1 vote): Citrix Bleed, identified as CVE-2023-4966, is a severe software vulnerability in Citrix Netscaler Gateway and Netscaler ADC products, with a high CVSS score of 9.4 indicating its critical nature. This flaw allows for sensitive information disclosure, bypassing password requirements and multifactor a
Source Document References
Information about the Blacksuit malware was read from the document corpus below. This display is limited to 20 results.
InfoSecurity-magazine (15 days ago): Indiana County Files Disaster Declaration Following Ransomware Attack
InfoSecurity-magazine (16 days ago): Ransomware Surges Annually Despite Law Enforcement Takedowns
BankInfoSecurity (23 days ago): Auto Dealers Plan July Fourth Comeback After CDK Cyberattack
BankInfoSecurity (a month ago): CDK Begins Restoring Systems Amid Ransomware Payment Reports
DARKReading (a month ago): CDK Attack Shows Value of SaaS Contingency Planning
Checkpoint (a month ago): 24th June – Threat Intelligence Report - Check Point Research
DARKReading (2 months ago): CISO Corner: Federal Cyber Deadlines Loom; Private Chatbot Danger
DARKReading (2 months ago): BlackSuit Claims Dozens of Victims With Ransomware
BankInfoSecurity (3 months ago): Suspected Attack Shuts Down US Blood Plasma Donation Centers
Checkpoint (3 months ago): 15th April – Threat Intelligence Report - Check Point Research
Securityaffairs (4 months ago): Group Health Cooperative data breach impacted 530K individuals
CERT-EU (5 months ago): Operation Cronos: Who Are the LockBit Admins
Unit42 (6 months ago): Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Securityaffairs (6 months ago): Yearly Intel Trend Review: The 2023 RedSense report
CERT-EU (6 months ago): Researchers link 3AM ransomware to Conti, Royal cybercrime gangs
CERT-EU (7 months ago): Universities, K-12 schools still recovering from cyber incidents over holiday season | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (a year ago): Royal Ransomware Gang adds BlackSuit Encryptor to their Arsenal | IT Security News
CERT-EU (10 months ago): Akira Ransomware Mutates to Target Linux Systems, Adds TTPs
CERT-EU (a year ago): The latest detected cyberattacks | 13 June 2023
CERT-EU (8 months ago): Group Claims Credit For Ransomware Attack On Hillcrest Healthcare System | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting