BlackSuit Ransomware: Insights and Defense Strategies

July 8, 2024, 10:56 a.m.

Description

This report provides an in-depth analysis of the BlackSuit ransomware, a threat that has been actively targeting various sectors since May 2023. It presents statistics from incident response engagements, explores the ransomware's behavior and technical analysis, and offers insights into the potential connections between BlackSuit and the Royal ransomware group. The document examines the threat actor's tactics, including encryption methods, network scanning, and data exfiltration techniques. It also provides indicators of compromise and recommends mitigation strategies to enhance defense against this evolving cyber threat.

Date

  • Created: July 8, 2024, 10:54 a.m.
  • Published: July 8, 2024, 10:54 a.m.
  • Modified: July 8, 2024, 10:56 a.m.

Indicators


Attack Patterns

  • BlackSuit
  • T1089
  • T1012
  • T1497
  • T1021
  • T1489
  • T1486
  • T1082
  • T1105
  • T1083
  • T1027
  • T1562
  • T1059

Additional Information

  • Public Services
  • Professional Services
  • Retail
  • Healthcare
  • Entertainment
  • Finance
  • Manufacturing