The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI.
The latest advisory from the FBI on ransomware threat group BlackSuit, is actually an updated 18-month-old advisory originally released to warn organizations about the threat group Royal.
It appears that the group has rebranded, according to the advisory, and has updated their methods of attack.
According to the advisory, BlackSuit heavily relies on “RDP and legitimate operating system tools” and legitimate RMM solutions for lateral movement. They also have evolved their discovery techniques to include legitimate tools like SoftPerfect NetWorx to enumerate networks.
Historically, Royal’s ransoms ranged from $1 million to $10 million. With the rebrand as BlackSuite, the largest ransom has jumped to $60 million. In total, BlackSuit has demanded over $500 million in ransoms – including both extortion and encryption ransoms.
The FBI highlights that BlackSuit gains their initial access through phishing, compromised RDP, public-facing applications, and brokers. But it should be also noted that the advisory makes it clear that “phishing emails are among the most successful vectors for initial access by BlackSuit threat actors,” indicating that organizations need to increase efforts to stop phishing-based attacks – something security awareness training is designed to help with through continual education to establish user vigilance when interacting with email.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Here's how it works:
