TLDR:
- BlackSuit ransomware demands up to $500 million in ransoms, with one individual demand reaching $60 million.
- The actors target critical infrastructure sectors, gaining initial access through phishing emails, RDP, and vulnerable applications.
The BlackSuit ransomware strain has been highlighted in an advisory by the FBI and CISA, which reports exorbitant ransom demands of up to $500 million, with individual demands reaching $60 million. This strain, an evolution of Royal ransomware, infiltrates systems through phishing emails, disables antivirus software, and exfiltrates sensitive data before encrypting systems. The threat actors use tools such as SystemBC and GootLoader malware to maintain persistence in victim networks, and tools such as SharpShares and Mimikatz to enumerate those networks and steal credentials. Besides the hefty ransom demands, the BlackSuit actors employ aggressive pressure tactics: contacting victims by phone or email, and assessing stolen data for evidence of illegal activity to coerce targets into paying. The rise of new ransomware variants such as Lynx, OceanSpy, and Radar, along with the evolving modus operandi of existing groups such as Hunters International, indicates a continuously shifting threat landscape that organizations need to address.