BlackSuit ransomware stole data of 950,000 from software vendor
The BlackSuit ransomware group, previously known as Royal, has been active since September 2022 and has demanded over $500 million in ransoms. Its tactics include phishing emails, Remote Desktop Protocol exploitation, and the use of legitimate software tools for lateral movement and persistence. The group employs double extortion, threatening to leak stolen data if ransoms ranging from $1 million to $60 million are not paid. Major targets include the healthcare, government, and critical infrastructure sectors. Key incidents include the disruption of City of Dallas services and the shutdown of Monroe County government offices. BlackSuit's advanced techniques, including disabling antivirus software and exploiting vulnerabilities, highlight the need for robust cybersecurity measures and continuous monitoring.