Ransomware Group Known as ‘Royal’ Rebrands as BlackSuit and Is Leveraging New Attack Methods

Stu Sjouwerman | Aug 19, 2024

Tale of Two Ransomware VariantsThe ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI.

The latest advisory from the FBI on ransomware threat group BlackSuit, is actually an updated 18-month-old advisory originally released to warn organizations about the threat group Royal.

It appears that the group has rebranded, according to the advisory, and has updated their methods of attack.

According to the advisory, BlackSuit heavily relies on “RDP and legitimate operating system tools” and legitimate RMM solutions for lateral movement. They also have evolved their discovery techniques to include legitimate tools like SoftPerfect NetWorx to enumerate networks.

Historically, Royal’s ransoms ranged from $1 million to $10 million. With the rebrand as BlackSuite, the largest ransom has jumped to $60 million. In total, BlackSuit has demanded over $500 million in ransoms – including both extortion and encryption ransoms.

The FBI highlights that BlackSuit gains their initial access through phishing, compromised RDP, public-facing applications, and brokers. But it should be also noted that the advisory makes it clear that “phishing emails are among the most successful vectors for initial access by BlackSuit threat actors,” indicating that organizations need to increase efforts to stop phishing-based attacks – something security awareness training is designed to help with through continual education to establish user vigilance when interacting with email.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.