August 7, 2024 at 06:27PM
CISA and the FBI confirmed that the Royal ransomware rebranded to BlackSuit, demanding over $500 million from victims since September 2022. The joint advisory details the gang’s evolution, attack tactics, and linked organizations. Notably, the BlackSuit gang caused a widespread IT outage at CDK Global, affecting over 15,000 car dealerships.
The key takeaways are:
1. The Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since September 2022.
2. BlackSuit is linked to the Conti cybercrime syndicate and has been involved in attacks against over 350 organizations, with at least $275 million in ransom demands.
3. BlackSuit shared numerous coding similarities with Royal ransomware and has exhibited improved capabilities.
4. The BlackSuit gang was behind a massive CDK Global IT outage that disrupted operations at over 15,000 car dealerships across North America.
Additionally, there is a list of tactics, techniques, and procedures (TTPs) to help defenders block the gang’s attempts to deploy ransomware on their networks. The agencies have also issued advisories that provide indicators of compromise to assist in defending against BlackSuit ransomware attacks.