Ransomware

BlackSuit

First seen: 2023-05 • Status: active

Currently Active Threat

BlackSuit is Royal ransomware with a new name. Its operators still attack hospitals and important infrastructure.

Overview

BlackSuit is the rebrand of Royal ransomware. It continues operations with similar TTPs targeting healthcare and critical infrastructure.

How It Spreads

  • Callback phishing
  • RDP exploitation
  • Affiliates

What It Does

  • File encryption
  • Data theft
  • Double extortion

Target Platforms

Windows, Linux, VMware ESXi

Detection Tips

  • Monitor for Royal/BlackSuit TTPs
  • Watch for callback phishing

MITRE ATT&CK Techniques

T1486, T1567

If You're Infected

  1. Follow Royal response procedures
  2. Engage incident response

Related Malware

Royal, Conti
