BlackSuit Ransomware: Insights and Defense Strategies
July 8, 2024, 10:56 a.m.
Description
This report provides an in-depth analysis of the BlackSuit ransomware, a threat that has been actively targeting various sectors since May 2023. It presents statistics from incident response engagements, explores the ransomware's behavior and technical analysis, and offers insights into the potential connections between BlackSuit and the Royal ransomware group. The document examines the threat actor's tactics, including encryption methods, network scanning, and data exfiltration techniques. It also provides indicators of compromise and recommends mitigation strategies to enhance defense against this evolving cyber threat.
Date
- Created: July 8, 2024, 10:54 a.m.
- Published: July 8, 2024, 10:54 a.m.
- Modified: July 8, 2024, 10:56 a.m.
Indicators
Attack Patterns
- BlackSuit
- T1089
- T1012
- T1497
- T1021
- T1489
- T1486
- T1082
- T1105
- T1083
- T1027
- T1562
- T1059
Additional Information
- Public Services
- Professional Services
- Retail
- Healthcare
- Entertainment
- Finance
- Manufacturing