FBI warns this rebranded ransomware is making some seriously high ransom demands

One of the most notorious ransomware groups around today is making some outlandishly high demands as it looks for a big payday, law enforcement groups have warned.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an updated advisory saying the BlackSuit ransomware gang has demanded as much as $500 million in total from victims to get their data back.

This included a single case where the victim was asked for $60 million in ransom. The group is thought to be behind attacks against over 350 organizations since September 2022.

Big goals

The advisory notes that the gang may have become emboldened to make such high demands by an increasing willingness among victims to pay up and retrieve their data, and also among the hackers themselves to compromise on the amount.

"BlackSuit actors have exhibited a willingness to negotiate payment amounts," the agencies said. "Ransom amounts are not part of the initial ransom note, but require direct interaction with the threat actor via a .onion URL (reachable through the Tor browser) provided after encryption."

BlackSuit appears to be a rebrand of the infamous Royal ransomware, which first emerged in September 2022. The group began testing its rebranded tool following an attack on the city of Dallas in June 2023.

It is thought BlackSuit is the culprit for the recent attack against CDK Global, which disrupted operations at car dealerships across the US, and has also been behind attacks on commercial facilities, healthcare and public health, government facilities, and critical manufacturing.

"BlackSuit ransomware is the evolution of the ransomware previously identified as Royal ransomware, which was used from approximately September 2022 through June 2023. BlackSuit shares numerous coding similarities with Royal ransomware and has exhibited improved capabilities," the FBI and CISA noted.

"Ransom demands have typically ranged from approximately $1 million to $10 million USD, with payment demanded in Bitcoin. BlackSuit actors have demanded over $500 million USD in total and the largest individual ransom demand was $60 million."

The advisory notes the gang behind these campaigns is thought to be the successor to the Conti cybercrime group, which shut down in May 2022 and is thought to be behind some of the biggest cyberattacks in recent history.

Via TheHackerNews

Mike Moore
Deputy Editor, TechRadar Pro
