FBI warns this rebranded ransomware is making some seriously high ransom demands
BlackSuit has demanded around $500 million to date
One of the most notorious ransomware groups around today is making some outlandishly high demands as it looks for a big payday, law enforcement groups have warned.
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued an updated advisory saying the BlackSuit ransomware gang has demanded as much as $500 million for victims to get their data back.
This included a single example where the victim was asked for $60 million in ransom, but the group is thought to be behind attacks against over 350 organizations since September 2022.
Big goals
The advisory notes that the gang may have become emboldened to make such high demands due to an increasing willingness for victims to pay up and retrieve their data - but also for the hackers themselves to compromise.
"BlackSuit actors have exhibited a willingness to negotiate payment amounts," the agencies said. "Ransom amounts are not part of the initial ransom note, but require direct interaction with the threat actor via a .onion URL (reachable through the Tor browser) provided after encryption."
BlackSuit appears to be a rebrand of the infamous Royal ransomware, which first emerged in September 2022, and began testing its rebranded tool following an attack on the city of Dallas in June 2023.
It is thought BlackSuit is the culprit for the recent attack against CDK Global, which disrupted operations at car dealerships across the US, and has also been behind attacks on commercial facilities, healthcare and public health, government facilities, and critical manufacturing.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
"BlackSuit ransomware is the evolution of the ransomware previously identified as Royal ransomware, which was used from approximately September 2022 through June 2023. BlackSuit shares numerous coding similarities with Royal ransomware and has exhibited improved capabilities," the FBI and CISA noted.
"Ransom demands have typically ranged from approximately $1 million to $10 million USD, with payment demanded in Bitcoin. BlackSuit actors have demanded over $500 million USD in total and the largest individual ransom demand was $60 million."
The advisory notes the gang behind these campaigns is thought to be the successor to the Conti cybercrime group thought to be behind some of the biggest cyberattacks in recent history, which shut down in May 2022.
Via TheHackerNews
More from TechRadar Pro
- A notorious ransomware group has received the largest ransom payment ever
- Protect your machine with the best endpoint protection software
- We’ve rounded up a list of the best firewalls around
Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.