Description
This report provides an in-depth analysis of the BlackSuit ransomware, a threat that has been actively targeting various sectors since May 2023. It presents statistics from incident response engagements, explores the ransomware's behavior and technical analysis, and offers insights into the potential connections between BlackSuit and the Royal ransomware group. The document examines the threat actor's tactics, including encryption methods, network scanning, and data exfiltration techniques. It also provides indicators of compromise and recommends mitigation strategies to enhance defense against this evolving cyber threat.
Date
| Published | Created | Modified |
|---|---|---|
| July 8, 2024, 10:54 a.m. | July 8, 2024, 10:54 a.m. | July 8, 2024, 10:56 a.m. |
Indicators
f1684fb118d4d8fc56653fcc49e12a659b64c4459ba037fa94f21783235cc6ba
dede96fd44c0f78eb79ceb63b898874e8922efc59d8bfb9f86505b1992bc00a3
d96ff4b3e188f7ff96ed28c1381a6318dd76bb1fbd6ca02c6ab0236e1c7f35aa
79ab73a0e9dd8eac045c00fd1bd172a7f359588901f93c83e6740157eb21e7df
http://c7jpc6h2ccrdwmhofuij7kz6sr2fg2ndtbvvqy4fse23cf7m2e5hvqid.onion/?id=[32-characters]
http://c7jpc6h2ccrdwmhofuij7kz6sr2fg2ndtbvvqy4fse23cf7m2e5hvqid.onion/?id=77777777777777777777777777777777777777
Attack Patterns
Blacksuit
BlackSuit
T1089
T1012
T1497
T1021
T1489
T1486
T1082
T1105
T1083
T1027
T1562
T1059
Additional Informations
Public Services
Professional Services
Retail
Healthcare
Entertainment
Finance
Manufacturing