Threat Assessment: Distributors of BlackSuit Ransomware

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Ignoble Scorpius, previously known as Royal ransomware, has rebranded as BlackSuit ransomware and increased its activity since March 2024. The group has targeted at least 93 victims globally, with a focus on the construction and manufacturing industries. Their initial ransom demands average 1.6% of the victim's annual revenue. The group uses various initial access methods, including phishing, SEO poisoning, and supply chain attacks. They employ tools like Mimikatz, Cobalt Strike, and Rclone for credential theft, lateral movement, and data exfiltration. The ransomware has both Windows and Linux variants, with specific functionality to target VMware ESXi servers in some Linux versions. The group's sophisticated tactics and potential ties to former Conti and Royal ransomware members make them a significant threat.

OPENCTI LABELS:

cobalt strike, ransomware, data exfiltration, lateral movement, mimikatz, credential theft, extortion, gootloader, systembc, supply chain attack, blacksuit, nanodump


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown in the login page banner.


Threat Assessment: Distributors of BlackSuit Ransomware