Blacksuit Ransomware

Malware updated 16 hours ago (2024-10-17T13:03:37.052Z)
BlackSuit ransomware is malicious software designed to exploit and damage computer systems, often holding data hostage for ransom. Introduced in May 2023, it is a continuation or new version of the Royal ransomware operation, with the rebranding officially noted by the FBI and CISA in an advisory update on August 7, 2024. The advisory provided network defenders with new Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IOCs), and detection methods related to the BlackSuit ransomware. The BlackSuit ransomware group, previously known as the Royal gang, has claimed responsibility for the attacks.

The group's activities have caused significant disruptions across various sectors. In one instance, they targeted CDK Global, a major provider of IT and digital marketing solutions to the automotive industry, affecting its Software-as-a-Service platforms across the United States and Canada. In another attack, they claimed responsibility for a breach at Charles Darwin School, leading to the theft of sensitive student data. The group also added Young Consulting to its list of victims on its Tor leak site in May. The BlackSuit ransomware group is also linked to an alleged attack in June on Kadokawa, a Japanese media company involved in manga, anime, and video games, resulting in an additional data leak. This group was previously responsible for shutting down Dallas last year before their rebranding.

As such, the BlackSuit ransomware presents a serious threat to organizations across multiple industries, highlighting the need for robust cybersecurity measures and timely updates on threat intelligence.
Description last updated: 2024-10-17T12:59:59.603Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias Description: Royal Ransomware is a possible alias for Blacksuit Ransomware. The Royal Ransomware, a harmful malware program designed to exploit and damage computer systems, operated from September 2022 through June 2023. It employed multi-threaded encryption to disrupt operations and hold data hostage for ransom. The ransomware was primarily disseminated through suspicious
Votes: 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
Alias Description: The Blacksuit Malware is associated with Blacksuit Ransomware. BlackSuit is a malicious software (malware) that has been causing significant harm in the digital world. It infiltrates systems through dubious downloads, emails, or websites, and once inside, it can steal personal data, disrupt operations, or hold data hostage for ransom. BlackSuit malware, which i
Association Type: Unspecified
Votes: 6