FBI Issues Warning As 'Men In Black' Hackers Demand $60 Million Ransom

The FBI has issued a warning about the BlackSuit ransomware gang

An updated advisory from the FBI and the Cybersecurity and Infrastructure Security Agency has warned of the danger from a ransomware group that has demanded as much as $60 million from its victims and a staggering total of $500 million so far. The criminal hackers concerned have rebranded from calling themselves Royal Ransomware to BlackSuit. But that doesn't mean that the men and women in black from the FBI are stepping back from the hunt; quite the opposite.

In the August 7 advisory update, the law enforcement and security agencies reveal a number of tactics, techniques and procedures associated with the ransomware group. The TTPs, along with indicators of compromise, have been updated with information as recent as July to help cyberdefenders to fight back.

Alert code AA23-061A goes into plenty of technical detail regarding Royal Ransomware, now BlackSuit, activity. The report notes that cybercriminals follow a fairly typical path when it comes to ransomware crime these days: data exfiltration and extortion prior to encryption, and publication of victim data to a leak site as leverage when it comes to the ransom demand.

The most common initial access vector exploited by the hackers is social engineering, specifically phishing emails. Once inside a victim network, the BlackSuit actors will disable security protections and exfiltrate as much data as possible before the actual ransomware malware itself is deployed and systems are encrypted.

Very little about BlackSuit will come as any surprise to cybersecurity professionals, law enforcement or businesses. The ransoms demanded are typically in the $1 million to $10 million range, depending upon the target. Again, a fairly standard approach these days, with the criminals then prepared to negotiate down from there. However, the FBI and CISA said that the highest ransom demand has been $60 million, which is definitely towards the high end. The record ransom paid, to the Dark Angels ransomware group, was set recently at $75 million, to give some context.

Interestingly, ransoms are not demanded as part of the initial contact, which I'll still call the ransom note, but instead BlackSuit demands direct contact by way of a dark web link. The attackers have been known to make telephone calls and send emails to add another element of threat to what resembles old-fashioned extortion racketeering.

Dr. Martin Kraemer, a security awareness advocate at KnowBe4, said that "The group responsible for the BlackSuit ransomware is known for using aggressive tactics to extort money. They are not afraid to threaten businesses with exposing corporate wrongdoing, intimidate the relatives of employees and leaders, or blackmail employees by revealing illegal activities."

A typical BlackSuit ransom note

When it comes to mitigation against BlackSuit ransomware attacks, the FBI recommends that organizations employ sufficient password protections for all accounts, including admins and domain admins, with multi-attempt lockouts and multifactor authentication. Systems and software should be patched in a timely manner to stay ahead of BlackSuit affiliates, who will be looking for unpatched vulnerabilities, and network segmentation can help to diminish damage should a breach be successful.

Cassius Edison, head of professional services at Closed Door Security, said that "the best strategy when it comes to ransomware is prevention. Organizations should use these insights from the FBI to harden their defenses against these attack vectors."