The BlackSuit ransomware group has struck again, adding two new victims to its ever-growing list of targets. This time, the unfortunate entities ensnared in the BlackSuit ransomware attack are Southwest Binding & Laminating and Western Municipal Construction.
Southwest Binding & Laminating, an online purveyor of document binding, wires, report covers, index tabs, and laminating products, found itself thrust into the spotlight of cybercrime alongside Western Municipal Construction, a stalwart in the construction industry for the past two decades.
Western Municipal has diligently served municipalities and private companies across Montana, Wyoming, Texas, North Dakota, and neighboring states.
BlackSuit Ransomware Attack: In Detail
Upon scrutiny, it was discovered that while Southwest Binding & Laminating’s website remained operational, Western Municipal Construction’s website was inexplicably non-functional.
This anomaly begs the question: Was the technical glitch a mere coincidence, or has Western Municipal fallen victim to the BlackSuit ransomware attack? Only an official statement from the affected parties can dispel the uncertainty shrouding the alleged cyberattack on Western Municipal Construction.
Efforts to verify the alleged BlackSuit ransomware attacks have been met with silence from the targeted organizations. The Cyber Express Team’s attempts to solicit a response from the officials have thus far yielded no results, leaving the claim unverified and the victims’ plight unresolved.
Unraveling the BlackSuit Enigma
BlackSuit’s emergence onto the cybercrime scene in May 2023 raised eyebrows and prompted speculation about its origins and affiliations. Some experts posit that BlackSuit may be a rebranding of the Royal and Conti ransomware groups, with strong links to its predecessors.
The US Department of Health and Human Services (HHS) has sounded the alarm, highlighting the “striking parallels” between BlackSuit and Royal, labeling BlackSuit as the “direct successor” to the notorious Conti operation. The HHS advisory highlights the looming threat posed by BlackSuit, urging vigilance within the healthcare and public health sectors.
While BlackSuit’s attacks bear resemblance to ransomware-as-a-service (RaaS) operations, it currently operates sans affiliates, indicating a deviation from the conventional RaaS model.
The absence of known affiliates suggests that the masterminds behind BlackSuit may opt to retain full control over their malicious endeavors and the ensuing profits.
Previous Attacks
The trail of devastation left in BlackSuit’s wake spans industries and continents. In 2023, ZooTampa fell victim to a purported cyberattack carried out by BlackSuit, signaling the ransomware group’s global reach.
The Government of Brazil also found itself in BlackSuit’s crosshairs, as the ransomware group brazenly claimed responsibility for infiltrating Brazil’s government systems. However, the Brazilian government’s official portal remained conspicuously devoid of any acknowledgment of the cyber incident.
In 2024, the Kershaw County School District became the latest casualty of BlackSuit’s relentless onslaught. The cybercriminals behind BlackSuit boasted of breaching the school district’s defenses, culminating in the unauthorized extraction and subsequent leakage of a staggering 17.5 GB of sensitive data.
The saga of BlackSuit serves as a reminder of the dire consequences wrought by ransomware attacks, highlighting the imperative of enhanced cybersecurity measures and proactive risk mitigation strategies in today’s digital landscape.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
