In less than two years, a notorious ransomware group has extracted more than half a billion dollars from its victims through malicious demands.
A joint alert issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) has revealed alarming statistics about the threat posed by the BlackSuit hacking group.
BlackSuit ransomware, the advisory confirms, is an evolution of the notorious Royal ransomware, which garnered widespread attention by targeting victims from its inception onwards and was established from the ashes of the infamous Russian Conti gang.
BlackSuit, a type of ransomware, is notorious for its modus operandi: it extracts sensitive information from breached corporate networks and then threatens to publicly release the pilfered data unless a ransom is paid.
The prevalence of BlackSuit is not necessarily tied to its distinctiveness. What sets BlackSuit apart from other ransomware gangs is the staggering scale of financial demands it has made against its numerous targets.
According to the joint advisory issued by CISA and the FBI:
Typically, ransom demands have fluctuated between approximately $1 million and $10 million USD, with the payment requested being made in Bitcoin. The BlackSuit actors are demanding a substantial sum of over $500 million USD, with the largest individual ransom request standing at a staggering $60 million.
The ransom amount is not specified in the initial ransom note sent during an attack; it is provided when a victim contacts the attacker directly by clicking on a link on the dark web.
Notices have recently highlighted an increase in cases where victims have received email communications directly from their attackers during ransomware negotiations.
If BlackSuit determines that a target is unlikely to cooperate with its demands or will refuse to negotiate, it will often publicly release the target’s information on its leak site.
While BlackSuit’s substantial ransom demands may cause understandable concern among many organizations, the CISA/FBI advisory highlights the group’s demonstrated flexibility in negotiating ransom prices.
That flexibility does not necessarily mean that paying the ransom is always the best course of action in the event of a successful ransomware attack.
Paying ransoms emboldens criminals to perpetuate further attacks, while refusing to pay can lead to significant costs in restoring customer trust and brand reputation and in reestablishing partnerships with stakeholders.
Suffering a ransomware attack often leaves victims with little option but to choose between two unappealing outcomes: pay the demanded sum or risk permanent data loss.
Previous victims of the notorious BlackSuit ransomware gang include hospitals, schools, and major corporations such as.