The FBI and CISA have published a joint report on the activities of the BlackSuit Ransomware group, which is a rebrand of the formerly known Royal Ransomware group. The document outlines the new tactics, methods and indicators of compromise (IoC) observed in July 2024.
The FBI and CISA have released an updated report on the activities of the BlackSuit Ransomware group. This group is a rebrand of the formerly known Royal Ransomware and currently targets critical infrastructure, including commercial facilities, healthcare, government agencies and manufacturing.
– BlackSuit uses a variety of methods to compromise victims’ networks, including phishing and exploiting vulnerabilities in publicly available applications.
– The group actively uses data-stealing tools such as Cobalt Strike and Ursnif.
– Ransom demands range from $1 million to $10 million, with the group often agreeing to negotiate the ransom amount.
– In recent months, there has been an increase in direct contact with victims, such as phone calls or emails.
The FBI and CISA recommend that organizations implement suggested risk mitigation measures to reduce the likelihood and impact of BlackSuit Ransomware attacks. Following these recommendations can significantly improve protection against such incidents.