Blacksuit Ransomware

Malware updated a month ago (2024-11-29T13:53:17.377Z)
BlackSuit ransomware, a malicious software variant that encrypts victims' files and holds them for ransom, emerged in May 2023 as a direct evolution of the Royal ransomware. Unit 42 Threat Intelligence tracks the group behind it as Ignoble Scorpius and observed an increase in BlackSuit activity beginning in March 2024, a ramp-up that indicates a significant escalation of the group's operations. Analysis by TrendMicro and SentinelOne in 2023 found that BlackSuit supports more command-line flags than recent samples, a sign of its complexity. The ransomware has caused substantial disruption across several sectors. Notably, it targeted CDK Global, a major provider of IT and digital marketing solutions to the automotive industry, affecting its SaaS platforms across the United States and Canada. The BlackSuit gang also claimed responsibility for an attack on Charles Darwin School that resulted in the theft of sensitive student data. In June 2024, Kadokawa, a Japanese media company active in manga, anime, and video games, suffered a data leak following an alleged BlackSuit attack. These incidents illustrate the breadth of BlackSuit's targeting and the severity of the threat it poses. The BlackSuit group is a rebrand of the Royal gang and retains the same modus operandi of encrypting victims' files and demanding ransom. In light of these developments, the FBI and CISA issued a joint advisory on the BlackSuit ransomware group, urging organizations to implement robust cybersecurity measures.
Description last updated: 2024-11-21T10:27:09.110Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so the following are possible overlapping names / profiles that may also be relevant.
Alias | Description | Votes
Royal Ransomware | Royal Ransomware is a possible alias for Blacksuit Ransomware. Royal Ransomware is a form of malware that was active from September 2022 through June 2023. This malicious software, designed to exploit and damage computers or devices, would infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it could stea | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Analyst Notes & Discussion
Associated Malware
Alias | Description | Association Type | Votes
Blacksuit Malware | The Blacksuit Malware is associated with Blacksuit Ransomware. BlackSuit is a new strain of malware, specifically ransomware, that has been causing significant damage to computer systems. It is believed to be a rebranding of the Royal ransomware gang, as indicated by similarities in code between the two. This suspicion was confirmed by warnings from both the Cy | Unspecified | 7