Ransomware Group Known as ‘Royal’ Rebrands as BlackSuit and Is Leveraging New Attack Methods



Tale of Two Ransomware VariantsThe ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI.

The latest advisory from the FBI on ransomware threat group BlackSuit, is actually an updated 18-month-old advisory originally released to warn organizations about the threat group Royal.

It appears that the group has rebranded, according to the advisory, and has updated their methods of attack.

According to the advisory, BlackSuit heavily relies on “RDP and legitimate operating system tools” and legitimate RMM solutions for lateral movement. They also have evolved their discovery techniques to include legitimate tools like SoftPerfect NetWorx to enumerate networks.

Historically, Royal’s ransoms ranged from $1 million to $10 million. With the rebrand as BlackSuite, the largest ransom has jumped to $60 million. In total, BlackSuit has demanded over $500 million in ransoms – including both extortion and encryption ransoms.

The FBI highlights that BlackSuit gains their initial access through phishing, compromised RDP, public-facing applications, and brokers. But it should be also noted that the advisory makes it clear that “phishing emails are among the most successful vectors for initial access by BlackSuit threat actors,” indicating that organizations need to increase efforts to stop phishing-based attacks – something security awareness training is designed to help with through continual education to establish user vigilance when interacting with email.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.


RanSim

Free downloadable software tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

RanSim gives you a quick look at the effectiveness of your existing network protection. RanSim will test 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransim



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews