Royal Ransomware Actors Rebrand as “BlackSuit”


The FBI and CISA recently published an update to the joint Cybersecurity Advisory “#StopRansomware: Royal Ransomware.” The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit variants (previously Royal).

FBI investigations identified these TTPs and IOCs as recently as July 2024. See WaterISAC’s coverage of the last two updates to the Joint Advisory. As of August 2024, BlackSuit ransomware attacks have spread across numerous critical infrastructure sectors. BlackSuit conducts data exfiltration and extortion prior to encryption and then publishes victim data to a leak site if a ransom is not paid.

Read more…
Source: Water ISAC


Sign up for our Newsletter


Related:

  • Ghana to set up national cyber security council

    March 30, 2017

    Ghana is to establish a national cyber security council to tackle the increasing rate of cyber crime in the country. The initiative is part of the government’s effort to build a comprehensive cyber security governance arrangement involving all key public and private sector stakeholders. The National Cyber Security Council will be an independent advisory body made ...

  • New Clues Surface on Shamoon 2’s Destructive Behavior

    March 27, 2017

    Researchers on Monday reported progress in piecing together some of the missing pieces of the Shamoon 2 puzzle that have been eluding them when it comes to lateral network movement and execution of the Disttrack malware component used in past campaigns. Shamoon 2 uses a combination of legitimate tools, such as the open source utility PAExec, and ...

  • Indian Startup Develops a Next-Gen Cybersecurity Solution on the Blockchain

    March 26, 2017

    A new innovative prototype startup powered by blockchain technology for cybersecurity has recently launched in India aimed at curbing the global phenomenon of cybercrime. Mumbai-based Block Armour was thought up by Narayan Neelakantan, former CISO and Head of IT Risk and Compliance with India’s National Stock Exchange (NSE) and Floyd DCosta, who has a background in ...

  • Apple Pressured to Pay Ransom by Hackers Threatening to Remotely Wipe iPhones

    March 22, 2017

    Apple is currently under pressure to pay a ransom to a group of hackers who are threatening to remotely wipe iPhones. It seems the hackers are identifying themselves as “Turkish Crime Family.” Taking into account just how big Apple is and how deep its pockets go, the hackers only demanded $75,000 in Bitcoin or Ethereum, another ...

  • New Spam Campaign via Necurs Botnet Tries to Manipulate the Stock Market

    March 21, 2017

    The Necurs botnet is known as the largest spam botnet in the world, particularly for distributing Locky ransomware and Dridex. Now, it looks like Necurs is taking on a new role as someone tries to manipulate the stock market. The discovery was made by Cisco’s threat intelligence organization Talos, which notes that after being offline for ...

  • Cyber Firm at Center of Russian Hacking Charges Misread Data

    March 21, 2017

    An influential British think tank and Ukraine’s military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election. The CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s war with ...