BlackSuit Ransomware: Insights and Defense Strategies
July 8, 2024, 10:56 a.m.
Description
This report provides an in-depth analysis of the BlackSuit ransomware, a threat that has been actively targeting various sectors since May 2023. It presents statistics from incident response engagements, explores the ransomware's behavior and technical analysis, and offers insights into the potential connections between BlackSuit and the Royal ransomware group. The document examines the threat actor's tactics, including encryption methods, network scanning, and data exfiltration techniques. It also provides indicators of compromise and recommends mitigation strategies to enhance defense against this evolving cyber threat.
Date
Published: July 8, 2024, 10:54 a.m.
Created: July 8, 2024, 10:54 a.m.
Modified: July 8, 2024, 10:56 a.m.
Indicators
Attack Patterns
BlackSuit
T1089
T1012
T1497
T1021
T1489
T1486
T1082
T1105
T1083
T1027
T1562
T1059
Additional Information
Public Services
Professional Services
Retail
Healthcare
Entertainment
Finance
Manufacturing