A Hybrid Approach with Data Exfiltration and Encryption

SUMMARY :

The BlackSuit ransomware group, believed to be a rebrand of Royal ransomware, has emerged as a significant threat to organizations. This sophisticated attack combines data exfiltration and encryption, utilizing tools like Cobalt Strike for command and control, rclone for data exfiltration, and BlackSuit ransomware for file encryption. The group's tactics include lateral movement through RDP, SMB, and PsExec, credential dumping, and deletion of shadow copies. Notably, the ransomware uses a -nomutex flag, allowing multiple concurrent executions. The attack flow involves initial access, lateral movement, data exfiltration, partial encryption, and ransom demands ranging from $1 million to $10 million USD in Bitcoin. This hybrid approach highlights the evolving nature of ransomware threats and the need for robust security measures.

OPENCTI LABELS :

cobalt strike,ransomware,data exfiltration,encryption,rclone,blacksuit


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


A Hybrid Approach with Data Exfiltration and Encryption