
FBI Issues Warning As ‘Men In Black’ Hackers Demand $60 Million Ransom

An updated advisory from the FBI and the Cybersecurity and Infrastructure Security Agency has highlighted the escalating threat from the ransomware group formerly known as Royal Ransomware, now rebranded as BlackSuit. This group has demanded up to $60 million from individual victims and has amassed a staggering $500 million in total so far. BlackSuit employs sophisticated tactics, including data encryption and exfiltration, to pressure organizations into paying. In response, the FBI and other law enforcement agencies are intensifying their efforts, deploying advanced forensic techniques and collaborating with international partners to track and apprehend the perpetrators. Enhanced vigilance, robust cybersecurity measures, and swift reporting are crucial for organizations to mitigate these evolving threats.

FBI Reveals BlackSuit Tactics, Techniques And Procedures

In the August 7 advisory update, the law enforcement and security agencies reveal a number of tactics, techniques and procedures associated with the ransomware group. The TTPs, along with indicators of compromise, have been updated with information as recent as July to help cyber-defenders fight back.


Alert code AA23-061A goes into plenty of technical detail regarding Royal Ransomware, now BlackSuit, activity. The report notes that the cybercriminals follow a fairly typical path when it comes to ransomware crime these days: data exfiltration and extortion prior to encryption, and publication of victim data to a leak site as leverage when it comes to the ransom demand.

The most common initial access vector exploited by BlackSuit hackers is social engineering, particularly phishing emails that trick victims into revealing sensitive information or downloading malicious attachments. Once inside a network, BlackSuit actors disable security protections and conduct extensive reconnaissance, exfiltrating valuable data to use as leverage. They then deploy ransomware to encrypt systems, effectively locking organizations out of their own data and demanding hefty ransoms for decryption. This multi-step approach highlights the importance of robust email security and employee awareness training.

BlackSuit Ransoms Range From $1 Million To $60 Million

Very little about BlackSuit will come as any surprise to cybersecurity professionals, law enforcement or businesses. The ransoms demanded are typically in the $1 million to $10 million range, depending upon the target. Again, this is a fairly standard approach these days, with the criminals then prepared to negotiate down from there. However, the FBI and CISA said that the highest ransom demand has been $60 million, which is definitely towards the high end. To give some context, the record ransom paid, to the Dark Angels ransomware group, was set recently at $75 million.

Interestingly, ransoms are not demanded as part of the initial contact, which I’ll still call the ransom note, but instead BlackSuit demands direct contact by way of a dark web link. The attackers have been known to make telephone calls and send emails to add another element of threat to what resembles old-fashioned extortion racketeering.

Mitigating BlackSuit Ransomware Attacks

When it comes to mitigation against BlackSuit ransomware attacks, the FBI recommends that organizations employ robust password protections for all accounts, including administrators and domain admins, with multi-attempt lockouts and multi-factor authentication. Systems and software should be patched promptly to stay ahead of BlackSuit affiliates who exploit unpatched vulnerabilities. Network segmentation can help diminish damage if a breach occurs, limiting the attacker’s ability to move laterally within the network. Additionally, regular data backups, employee training on phishing and social engineering, and the use of advanced threat detection tools are essential. Incident response plans should be in place, with regular drills to ensure preparedness.
