The FBI and CISA have alerted organizations about a new ransomware strain known as BlackSuit. This malware is an advanced version of the Royal ransomware, which caused significant disruptions between September 2022 and June 2023. Since becoming active in July 2024, BlackSuit has become a major concern due to its improved capabilities and more sophisticated attack methods. While it has ties to the older Royal ransomware, BlackSuit brings new features that increase its threat level, making it a serious risk for organizations.
How BlackSuit Ransomware Operates
The FBI and CISA have provided a detailed analysis of how BlackSuit operates, outlining the tactics, techniques, and procedures (TTPs) used by this ransomware. BlackSuit first steals data from victims before locking their files through encryption, using a strategy known as double extortion. If the victims do not pay the ransom, the attackers threaten to publicly release the stolen information on a leak site, putting additional pressure on them to meet the demands.
Initial Access
BlackSuit typically gains entry into networks through phishing emails, with the malicious content often disguised as a harmless PDF attachment or delivered through links to malicious websites.
Besides phishing, the ransomware actors exploit vulnerabilities in publicly accessible applications, compromise Remote Desktop Protocol (RDP) systems, and acquire VPN credentials from initial access brokers.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents