Royal Ransomware Actors Rebrand as “BlackSuit”


The FBI and CISA recently published an update to the joint Cybersecurity Advisory “#StopRansomware: Royal Ransomware.” The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit variants (previously Royal).

FBI investigations identified these TTPs and IOCs as recently as July 2024. See WaterISAC’s coverage of the last two updates to the Joint Advisory. As of August 2024, BlackSuit ransomware attacks have spread across numerous critical infrastructure sectors. BlackSuit conducts data exfiltration and extortion prior to encryption and then publishes victim data to a leak site if a ransom is not paid.

Read more…
Source: Water ISAC


Sign up for our Newsletter


Related:

  • Scammers target Italian tycoons using defense minister’s AI-generated voice

    February 10, 2025

    Scammers target Italian tycoons using defense minister’s AI-generated voice on OpenAI Voice Engine Scammers used AI-generated voice of Italian Defense Minister Guido Crosetto in an atempts to steal millions of dollars from Italian business tycoons, according to reports. Crosetto said last Thursday on X that someone was using his name and his artificially generated voice to ...

  • Thai-Swiss-US Operation Nets Hackers Behind 1,000+ Cyber Attacks

    February 10, 2025

    Thai police arrested four European hackers in Phuket who allegedly stole $16 million through ransomware attacks affecting over 1,000 victims worldwide. The suspects, wanted by Swiss and US authorities, were caught in coordinated raids across four locations. Officers from Cyber Crime Investigation Bureau, led by Police Lieutenant General Trairong Phiwphan, conducted “Operation PHOBOS AETOR” in Phuket ...

  • 20 million OpenAI accounts offered for sale

    February 7, 2025

    A cybercriminal acting under the moniker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself. A translation of the Russian statement by the poster says: “When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay ...

  • Engineer IMI becomes latest British firm to be hit by cyber attack

    February 6, 2025

    Engineering group IMI confirmed it had been hit by a cyber attack just a week after rival Smiths Group said hackers had gained access to its global systems. Birmingham-headquartered IMI declined to disclose what data had been accessed in the attack, but systems in a number of its locations globally are understood to have been hit. IMI ...

  • Grubhub confirms data breach, both drivers and customers are affected

    February 4, 2025

    Grubhub, the food delivery service, has been hacked. On Monday, the company confirmed a data breach that affects both its drivers and customers. According to Grubhub, the malicious actor was able to gain entry into its systems via a third-party vendor that provides services for Grubhub’s support team. The hacker was able to access private information connected ...

  • Deloitte to provide Rhode Island $5 million toward data breach aftermath expense

    February 4, 2025

    Deloitte will provide Rhode Island with $5 million to go toward paying expenses related to the RIBridges data breach that took place in December of 2024. Separately, Deloitte will also cover the cost of the data breach call center, credit monitoring for affected Rhode Islanders and identity protection, according to a statement from Rhode Island Governor ...