L’Health Sector Cybersecurity Coordination Center (HC3), an American organization that deals with cybersecurity and healthcare, has published an analyst note regarding a new ransomware group, called BlackSuit.
We’re talking about a new gang of cybercriminalideemed a credible threat to the healthcare and public health sector which, apparently, was the protagonist of a massive attack last October.
The victim of the campaign was a company involved in the supply of instruments in the radiological context, operating in more than 1,000 hospitals present on US territory. This first offensive suggests that, over the next few weeks or months, many companies could end up victims of BlackSuit.
BlackSuit ransomware uses double extortion technique
The attack methods linked to this group do not differ too much from the contemporary ransomware context.
On a specific level, BlackSuit adopts the formula of double extortion attacks., with theft of sensitive data and subsequent ransom demand to decrypt it. Making the situation even more complex is the fact that this type of campaign seems to be effective both in the environment Windows what up Linux.
The data collected so far on this new threat appears to refer to an independent group, which has nothing to do with ransomware-as-a-service (RaaS). For some experts involved in the analysis, BlackSuit could derive from another rather famous ransomware, namely Royal.
Just like the latter, in fact, BlackSuit adopts for encryption AES Of OpenSSLcombined with techniques of intermittent encryptioncapable of acting with greater speed and efficiency during file processing.
Given that the ransomware revealed itself with only one certified attack, it is currently not possible to identify other characteristics related to its modus operandi. Regarding distribution, it is thought that cybercriminals can exploit techniques such as malvertising, malicious macros in documents disseminated via e-mail, trojan, dropper and other channels that are quite common in the ransomware context.