The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning about the notorious Royal Ransomware group's rebranding. The group now operates under the moniker BlackSuit.
What happened
In June 2023, following a high-profile attack on the City of Dallas, Texas, the Royal Ransomware group began using a new encryptor called BlackSuit. CISA and the FBI have confirmed that this transition is a rebranding effort, with several coding similarities between the two variants and the cessation of Royal ransomware attacks coinciding with the emergence of BlackSuit.
Going deeper
Royal Ransomware first appeared on the scene in September 2022, with the group's members believed to have split from the Conti ransomware operation earlier that year. The group rapidly grew into one of the most prolific ransomware operations, even temporarily surpassing LockBit as the most active ransomware group in November 2022. The group's attacks on the healthcare and public health (HPH) sector, including incidents targeting Revenetics, Morris Hospital & Healthcare Centers, and OctaPharma, prompted a warning from the Health Sector Cybersecurity Coordination Center (HC3).
What was said
"The rebranding of Royal Ransomware as Blacksuit is a clear indication that threat actors are continuously adapting their tactics to evade detection and maximize their chances of success," stated a CISA spokesperson. "It is imperative that organizations stay ahead of these evolving threats by maintaining robust cybersecurity defenses and promptly applying security updates and patches."
Why it matters
The rebranding of Royal Ransomware as Blacksuit shows how quickly cyber threats can change. As criminals update their tactics, it's more important than ever for organizations to stay informed and take proactive steps to protect against data breaches, disruptions, and financial losses.
FAQs
What is ransomware?
Ransomware is malware that holds a victim's data hostage by encrypting it or restricting access to the system. The attackers then demand a ransom in exchange for the decryption key or the restoration of system access.
What can organizations do to protect themselves from ransomware attacks?
Experts recommend a multi-layered approach to ransomware defense, including people-focused initiatives, advanced processes, and the deployment of the latest security technologies. Proactive measures to prevent initial access and minimize attack surfaces are necessary in the fight against these threats.
How can the cybersecurity community respond to the growing ransomware crisis?
Collaboration, information sharing, and the development of new defensive strategies will be fundamental in the ongoing battle against ransomware. Governments, security vendors, and organizations must work together to stay ahead of the constantly changing tactics employed by cybercriminal groups like Blacksuit.
Farah Amod
