The federal government’s campaign to #StopRansomware: BlackSuit (Royal) Ransomware was updated Aug. 7 to reflect tactics, techniques and procedures observed as recently as July. There are also new indications of compromise listed within the tool.
BlackSuit’s Royal ransomware was previously used from September 2022 to June 2023, and has now “exhibited improved capabilities.”
BlackSuit typically exfiltrates data and then extorts organizations before encrypting the data. If the ransom isn’t paid, the hackers leak the data online. BlackSuit gains entrance into organizations’ systems through phishing emails and then disables antivirus software before launching the attack.
The report noted ransomware demands have ranged from $1 million to $10 million, and the hackers request payment in bitcoin. In some cases, BlackSuite has asked for more than $500 million in ransom and has been able to raise $60 million from one attack. The threat actors have also been willing to negotiate with victims.
“Recently, an uptick was observed in the number of instances where victims received telephonic or email communications from BlackSuit actors regarding the compromise and ransom,” notes the report.
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
