BlackSuit Ransomware Targets China and the US

By Bogdan Pătru . 24 May 2024

Tech Writer

Fact-Checked this

The BlackSuit gang posted 2 new victims on their public website. These are the US-based School District of Colfax and the Chinese Sichuan Dawei Science & Technology. No other information is available about the operation.

The BlackSuit hackers are known to hit high-profile targets and demand high ransoms
BlackSuit first emerged in 2023 and made a reputation for itself rather quickly
This recent attack saw the hackers infiltrating high-profile targets with ease and stealing a lot of valuable data
It’s unclear if any of the 2 institutions have decided to contact or negotiate with the perpetrators

BlackSuit is one of the newest and most dangerous ransomware actors currently in the ransomware sphere. The organization uses advanced tools and tactics to circumvent the victim’s defensive systems. Once inside, they encrypt the files and extract the data.

The operators will use the stolen data as leverage, trying to obtain as much money as possible. As data shows, most victims refuse to pay or even negotiate with the hackers. But some do, which is where these gangs get their financing.

X showing the BLACK SUIT attack on the 2 victims — https://x.com/FalconFeedsio/status/1793930238780707006

While the number of ransomware attacks was on a downward spiral following 2022, the trend quickly took on an upward trend. 2024 started off with 76 attacks (recorded in January alone) which is a massive increase compared to the same month of 2022.

The most prolific month for ransomware attacks was April. It’s also important to note that the ransoms have gone up in value. Compared to previous years, 2024 saw an increase in ransom value with up to 500%.

Around 63% of the ransoms reached $1 million or more, while 30% of them jumped the $5 million threshold. Despite these numbers, a recent poll showed concerning figures. According to the latest data:

94% of the respondents stated that they would pay the ransom to recover their data
5% said they wouldn’t pay, but that that would depend on the value of the ransom
1% said that they wouldn’t pay the ransom
67% of companies stated that they’re willing to pay up to $3 million or more in ransom
35% of them would pay $5 million or more

How to Deal with a Ransomware Attack?

These are, naturally, concerning numbers because they explain the increasing trend in the ransomware attack frequency over the past year. Ransomware gangs tune in because there’s a lot of money to be made.

But should you pay the ransom? The answer is clear as day: no. You should not negotiate with the hackers and you shouldn’t pay anything. One the one hand, because paying doesn’t guarantee that the hackers will delete the stolen data.

In fact, studies show that most of them don’t. Instead, they save it for later use or sell it to other third-party cybercriminal groups.

On the other hand, paying the ransom puts you on the hackers’ list for future hits. You’ve proven yourself to be a good payer, so they’ll most likely hit you again soon.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

BlackSuit Ransomware Targets China and the US

How to Deal with a Ransomware Attack?

Our Mission

Bogdan Pătru

Leave a Comment Cancel