The Black Suit ransomware group published evidence of a recent attack on the Kershaw County School District; the aftermath is still uncertain. The group doesn’t shy away from exploiting any vulnerability it can find in any institution.
The organization’s preferred MO is the standard double-extortion approach. Black Suit exploits system vulnerabilities, downloads and encrypts sensitive data, and leaves a ransom note behind.
The victim is required to contact Black Suit representatives on their Tor network for negotiations. If these fail or the victim refuses to comply, the group will publish or sell the collected data on the Dark Web.
This can lead to even more financial losses, including reputational damage, which is why many professionals advise paying the ransom if no other option is available. That said, paying the ransom does incentivize cyber-criminal groups to continue their activity.
It’s a double-edged sword and the ultimate decision should be for the victim to make.
Black Suit is a newcomer on the ransomware stage, as it first emerged as a legitimate threat in the first trimester of 2023. Despite not being very active compared to other groups, Black Suit still poses a significant cybersecurity risk.
The US Department of Health and Human Services raised the alarm regarding Black Suit and its future potential. In addition, the FBI and CISA published several IOCs for Black Suit and several other ransomware entities.
While Black Suit isn’t as aggressive as other cyber-threat actors, it still poses a significant risk to those with vulnerable defense systems. The best line of defense is to upgrade the firewalls and engage several defense mechanisms for added effectiveness.
Importantly, Black Suit isn’t yet considered a RaaS (Ransomware-as-a-Service) actor, because there are no known affiliates. This may indicate that the hackers prefer to keep their cards close to their chest.
When it comes to the organization’s origins, the current theory is that Black Suit is the illegitimate child of Royal and Conti, although more research is necessary to reach a definitive conclusion.