Introduction
BlackSuit is ransomware. Its operation relies on multifaceted extortion: it encrypts and exfiltrates victim data, and it hosts public data leak sites for victims who fail to meet its demands. BlackSuit activity began in early May 2023. The ransomware denies access to files by encrypting them and appends the “.blacksuit” extension to the name of every affected file. It also changes the desktop wallpaper and creates a ransom note file named “README.BlackSuit.txt”. The threat actor targets both large corporations and small and medium-sized enterprises (SMEs), with no apparent preference for a particular industry or type of victim.
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- BlackEnergy
- BLACKCOFFEE
- Blackshades
- BlackNix
- Small-Net
- DesktopNow
- BlackHole
- Revenge-RAT
Attribution and Evidence
Information pending cataloguing.
References
References pending cataloguing.