• Home
  • News
  • BLACK SUIT Ransomware Gang Is Back With Another One

BLACK SUIT Ransomware Gang Is Back With Another One

Bogdan Pătru

By Bogdan Pătru . 28 April 2024

Tech Writer

Alex Popa

Fact-Checked this

The novel BLACK SUIT ransomware gang claimed another victim recently. It’s been reported that the Australian Herron Todd White experienced a ransomware attack with unknown consequences. This is a global player in the property evaluation industry.

  • BLACK SUIT posted evidence of the attack on their leak site but didn’t detail the event
  • The victim didn’t comment publicly on the incident either, presumably to avoid giving the hackers the free advertisement that they were looking for
  • BLACK SUIT is a controversial gang, with some believing it to be a rebranding of Royal, a now-defunct organization
  • BLACK SUIT has been active since May 2023 and has acquired the reputation of a resourceful and methodical organization

Ransomware attacks have produced significantly more victims throughout 2023 compared to the previous year. Despite the attacks being on a decline up to that point. The increasing trend has been attributed primarily to a wave of new ransomware actors.

BLACK SUIT is one of them, but appearances can be deceiving with this one. While the group has officially been formed in May of 2023, that’s not the whole story. The problem is the theory that the ransomware group is a successor of the former Royal gang.

X showing the BLACK SUIT attack on Herron Todd White
https://twitter.com/FalconFeedsio/status/1784492751528301012

While the theory is unverified for now, there are some tale-telling signs of it being likely true. Analysts have pointed out glaring similarities between BLACK SUIT and Royal in terms of code structure and standard MOs.

This would suggest that Royal restructured its assets, manpower, and tools and reorganized itself following its public dissolution. This came as a result of the gang being targeted by law enforcement agencies looking to seize their assets.

When that happens, most ransomware actors usually rebrand themselves or even break down and reorganize as a different actor. This is to lose the heat and throw law enforcement on false tracks, causing them to lose time and resources.

It also ensures the survival of the organization, even if only partially.

Is BLACK SUIT a Legitimate Ransomware Gang?

Yes, it is. The only question that comes is whether the gang is entirely built from scratch or not. But that doesn’t really matter in big picture either, as BLACK SUIT is currently treated as a legitimate standalone group, no matter its background.

But what should you know about the organization? BLACK SUIT doesn’t currently rank as an RaaS. Instead, it operates based on its internal structure with dedicated manpower and resources. This contributes to a more secure and compact overall structure.

It also makes the gang more difficult to crack, given that there are no weak-link affiliates that law enforcement agencies could exploit. Other than that, the gang’s MO is fairly standard. They use the typical double-extortion practice and usually target medium-value institutions.

Experts warn against the organization’s potential, as they see it as a rising threat in the ransomware sphere. This is especially concerning in a time when ransomware groups grow stronger faster than ever before.

So, if your public profile and revenue numbers have already painted a target on your back, watch out! BLACK SUIT is not one you want to treat lightly.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment