BlackSuit ransomware is back with 'improved capabilities'

The Cybersecurity & Infrastructure Security Agency partnered with the FBI to recommend new mitigation tactics to combat BlackSuit ransomware attacks, which have spread across the healthcare industry.

The federal government's "#StopRansomware: BlackSuit (Royal) Ransomware" advisory was updated Aug. 7 to reflect tactics, techniques and procedures observed as recently as July. The update also lists new indicators of compromise.

BlackSuit's Royal ransomware was previously used from September 2022 to June 2023, and has now "exhibited improved capabilities."

BlackSuit typically exfiltrates data and then extorts organizations before encrypting the data. If the ransom isn't paid, the hackers leak the data online. BlackSuit gains access to organizations' systems through phishing emails and then disables antivirus software before launching the attack.

The report noted ransomware demands have ranged from $1 million to $10 million, and the hackers request payment in bitcoin. In some cases, BlackSuit has asked for more than $500 million in ransom and has been able to raise $60 million from one attack. The threat actors have also been willing to negotiate with victims.

"Recently, an uptick was observed in the number of instances where victims received telephonic or email communications from BlackSuit actors regarding the compromise and ransom," notes the report.

Copyright © 2024 Becker's Healthcare. All Rights Reserved.

 
