BlackSuit Ransomware: CISA and FBI Issue Updated Advisory

The Royal Ransomware Rebranded to BlackSuit

CISA and the FBI have confirmed that the Royal ransomware has rebranded to BlackSuit. Despite only being in operation for a year, BlackSuit has already demanded ransom payments of over $500 million.

Tactics and Techniques

After gaining access to victims' networks, BlackSuit actors disable antivirus software and exfiltrate large amounts of data. As a means of pressure to pay the ransom, they threaten to publish the data.

The updated advisory provides network defenders with additional information on BlackSuit's tactics, including:

• Recent and historically observed tactics
• Indicators of compromise (IOCs)
• Mitigation and recovery guidance

The advisory also includes information on the Royal ransomware, which has been linked to BlackSuit.

Call to Action

CISA and the FBI urge network defenders to review the updated advisory and implement the recommended mitigation measures. These measures include:

• Patching systems and software
• Implementing strong network security controls
• Backing up data regularly
• Educating employees on cybersecurity best practices

By following these recommendations, network defenders can help protect their organizations from BlackSuit and other ransomware threats.