May 29, 2024 at 10:56AM
The BlackSuit ransomware gang, linked to the Royal gang, targets US-based companies in critical sectors with a focus on financial gain. The group uses advanced methods, and its attack tactics include lateral movement, Kerberoasting, FTP exfiltration, and ransomware deployment. Mitigation tactics involve network configuration management and strengthening password encryption to prevent such attacks.
Key takeaways are as follows:
– The BlackSuit ransomware gang has been active since May 2023 and has targeted 53 organizations within a year, primarily focusing on US-based companies in critical sectors such as education and industrial goods.
– The group has a strong financial motivation and uses advanced tactics, techniques, and procedures, indicating a high level of experience and technical proficiency among its operators.
– An attack by BlackSuit in April involved a series of sophisticated steps, including gaining VPN access, lateral movement across Windows workstations, Kerberoasting, file exfiltration via FTP, and the deployment of ransomware from a virtual machine.
– Mitigation tactics suggested by ReliaQuest include deploying network device configurations through centralized change management, monitoring Windows event logs, and strengthening password security to prevent attacks such as Kerberoasting.
These takeaways highlight the advanced nature of the BlackSuit ransomware group’s operations and provide valuable insights into the specific attack observed and potential mitigation strategies for organizations to consider.
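
The Windows event log monitoring listed among the mitigations can be illustrated with a small detection routine. This is an added example, not ReliaQuest's detection logic or code from the original article: it flags an account that requests RC4-encrypted (etype 0x17) service tickets, recorded as Event ID 4769, for several distinct service accounts within a short window. The events, account names, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = 0x17                  # ticket encryption type favoured for offline cracking
WINDOW = timedelta(minutes=5)    # assumed tuning value
THRESHOLD = 3                    # assumed tuning value: distinct services per window

_RAW = [  # constructed sample: (time, requesting account, service, ticket etype)
    ("2024-04-10T02:14:03", "jsmith@CORP.EXAMPLE", "svc-sql", "0x17"),
    ("2024-04-10T02:14:05", "jsmith@CORP.EXAMPLE", "svc-backup", "0x17"),
    ("2024-04-10T02:14:09", "jsmith@CORP.EXAMPLE", "svc-web", "0x17"),
    ("2024-04-10T09:00:00", "alice@CORP.EXAMPLE", "svc-sql", "0x12"),   # AES256
    ("2024-04-10T09:01:00", "bob@CORP.EXAMPLE", "WS01$", "0x17"),       # machine account
    ("2024-04-10T09:01:02", "bob@CORP.EXAMPLE", "krbtgt", "0x17"),
    ("2024-04-10T08:00:00", "carol@CORP.EXAMPLE", "svc-sql", "0x17"),   # spread over hours
    ("2024-04-10T11:00:00", "carol@CORP.EXAMPLE", "svc-web", "0x17"),
    ("2024-04-10T15:00:00", "carol@CORP.EXAMPLE", "svc-backup", "0x17"),
]
FIELDS = ("TimeCreated", "TargetUserName", "ServiceName", "TicketEncryptionType")
EVENTS = [dict(zip(FIELDS, row), EventID=4769) for row in _RAW]

def is_candidate(ev):
    """Keep RC4 service-ticket requests aimed at user-backed service accounts."""
    svc = ev["ServiceName"].lower()
    return (ev["EventID"] == 4769
            and int(ev["TicketEncryptionType"], 16) == RC4_HMAC
            and svc != "krbtgt"
            and not svc.endswith("$"))  # machine accounts use long random passwords

def find_kerberoast_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return {requesting account: sorted distinct services} for bursts inside `window`."""
    by_account = defaultdict(list)
    for ev in filter(is_candidate, events):
        by_account[ev["TargetUserName"]].append(
            (datetime.fromisoformat(ev["TimeCreated"]), ev["ServiceName"]))
    alerts = {}
    for account, reqs in by_account.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:
                start += 1  # slide the window forward
            services = {name for _, name in reqs[start:end + 1]}
            if len(services) >= threshold:
                alerts[account] = sorted(services | set(alerts.get(account, [])))
    return alerts

if __name__ == "__main__":
    for account, services in find_kerberoast_bursts(EVENTS).items():
        print(f"ALERT {account}: RC4 tickets for {len(services)} services: {services}")
```

The window and threshold need tuning against a baseline of normal ticket requests in the environment before the rule is used for alerting.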