Friend
Professional
After the rebranding, Royal ransomware raises the bar.
The hacker group Royal has rebranded itself and now operates under the name BlackSuit. Already in the first months of their new activity, the ransomware operators have demanded a total of more than $500 million in ransom, with the largest individual ransom demand being $60 million. The FBI and CISA updated their advisory on Royal's activities, confirming long-standing rumors that the group is now calling itself BlackSuit. From September 2022 to July 2023 the attackers operated under the name Royal, and since then they have gone by the name BlackSuit.
Analysis of the malware code revealed numerous similarities between Royal and BlackSuit, which made it possible to establish a connection between them. BlackSuit, in turn, demonstrates improved capabilities compared to Royal. Phishing emails remain the attackers' main method of gaining initial access. Once inside, they disable antivirus software, exfiltrate large amounts of data, and only then launch the ransomware.
In some cases, victims receive calls or emails from the ransomware operators with threats and ransom demands. According to Sophos, several ransomware groups use this method to put pressure on victims and their customers by threatening to make their data public. However, this tactic has not proven effective, as companies are more likely to decide whether to pay a ransom based on practical considerations such as business downtime and regulatory requirements.
According to a new FBI technical report, the attackers use legitimate tools to move through victims' systems, and in some cases use valid accounts to log in remotely. They also disable antivirus software and use remote monitoring and management (RMM) software to maintain access to victims' networks.
BlackSuit has claimed responsibility for several recent attacks, including an attack on major Japanese media conglomerate Kadokawa and medical company Octapharma Plasma.
Recall that in 2023 the group also encrypted data in a number of Dallas city systems used by the police, fire departments, courts and other services. Police officers were still forced to keep all records by hand, and firefighters complained that they received insufficient information from dispatchers, so they could even arrive at the wrong address by mistake.
In addition, the large technology company CDK Global fell victim to a BlackSuit attack in June, which paralyzed the company's servers for two weeks. As a result of the incident, about 15,000 car dealerships across the United States, including the Asbury, AutoNation, Group 1, Lithia and Sonic chains, faced a halt in vehicle sales and registrations. The company eventually paid the attackers $25 million in bitcoin to restore its operations.
Source