August 8, 2024 at 10:51AM
CISA and the FBI confirmed that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged. BlackSuit gang has been active since September 2022 and is linked to attacks against over 350 organizations. They sought ransom payments in Bitcoin, with the largest demand reaching $60 million.
Based on the meeting notes, the key takeaways are:
1. The Royal ransomware has rebranded to BlackSuit and has demanded over $500 million from victims since its emergence more than two years ago.
2. The BlackSuit gang has been active since September 2022 and is believed to be a direct successor of the Conti cybercrime syndicate.
3. BlackSuit ransom demands have ranged from approximately $1 million to $10 million USD, with a total of over $500 million demanded, and the largest individual ransom demand being $60 million.
4. CISA and the FBI have linked the BlackSuit gang to attacks against over 350 organizations since September 2022, resulting in at least $275 million in ransom demands.
5. The BlackSuit gang was identified as being behind a massive CDK Global IT outage that disrupted operations at over 15,000 car dealerships across North America.
6. The joint advisory by CISA and the FBI provides indicators of compromise and a list of tactics, techniques, and procedures (TTPs) to help defenders block the gang’s attempts to deploy ransomware on their networks.
These takeaways can be used to inform stakeholders and decision-makers about the evolving threat landscape posed by the BlackSuit ransomware gang and the steps being taken to mitigate its impact on organizations.