• About Us
  • Contact Us
  • Editorial Calendar
  • Careers
  • The Cyber Express by Cyble Vulnerability Disclosure Policy
  • Cyble Trust Portal
The Cyber Express
  • MagazineDownload
  • Firewall Daily
    • All
    • Bug Bounty & Rewards
    • Dark Web News
    • Data Breach News
    • Hacker News
    • Ransomware News
    • Vulnerabilities
    AI Cyber Attacks

    AI Cyber Attacks Emerge as Biggest Threat to Indian Banking: RBI

    Apple Security Update

    Apple Security Update Patches 30+ Vulnerabilities in iOS 26.5.2

    Seized Crypto Assets

    Ukraine Makes History With First $8.3M Seized Crypto Transfer to ARMA

    Illegal World Cup Streaming Domains

    U.S. Seizes Nearly 400 Illegal FIFA World Cup Streaming Domains

    Operation Endgame Disrupts SocGholish

    Operation Endgame Disrupts SocGholish, StealC Malware Networks

    UAE Cybersecurity Council

    UAE Cybersecurity Council Calls for Stronger Digital Footprint Protection

    MDA hack

    Government Website in India Taken Offline After Defacement Attack

    ATM jackpotting

    ATM Jackpotting Gang Members Sentenced for Ploutus Malware Attacks

    The Cyber Express weekly roundup June 2026

    The Cyber Express Weekly Roundup: Five Eyes AI Warning, KDDI Data Breach, Garfield AI Legal Milestone, and Iranian Hacker Arrest

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    FBI Warns of Malicious Traffic

    FBI Warns of a Hidden Web Tactic Fueling Phishing and Ransomware

    Ukraine Joins EU Cybersecurity Reserve

    What Ukraine’s Entry Into the EU Cybersecurity Reserve Means

    UK social media ban

    UK Social Media Ban for Under-16s Could Take Effect by Spring 2027

    Ransomware Preparedness

    Ransomware Preparedness Must Be a Boardroom Priority: NCSC Chief

    AI legal assistants

    AI Heads to UK Courts, Bringing New Cybersecurity and Governance Challenges

    VerdantBamboo

    China’s VerdantBamboo Experimented With Three Re-Entries and Three Malware in a Company Network

    Crypto Scam, Crypto

    New Threat Actor Targets Crypto Firms’ Development Infrastructure

    Pink, Pink Extortion, CL-CRI-1147

    Pink Extortion Group Emerges Targeting Microsoft 365 Data

    AI-Powered Bots

    AI-Powered Bots Are Blurring the Line Between Users and Cyber Threats

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Knowledge Hub
    • All
    • How to
    • What is
    Google Chrome

    How to Remove Saved Passwords From Google Chrome (And Why You Should)

    DPDP Rules, Cyble, DPDP Act, Cyble Vantage

    How Cyble’s Front-Row Vantage Can Help You in Complying to India’s DPDP Act

    Cybersecurity Countries

    The Top 8 Countries Leading the Cyber Defense Race in 2025

    link building

    The Link Building Secrets Your Competitors Don’t Want You to Know

    Supply Chain Attack

    Supply Chain Resilience and Physical Security: Lessons for 2025

    Healthcare cybersecurity trends of 2024

    Healthcare Cybersecurity: 2024 Was Tough, 2025 May Be Better

    CEO's Guide to Take-Down Services

    Shield Your Organization: CEO’s Perspective on Take-Down Services

    Azure sign-in Microsoft

    Microsoft Announces Mandatory MFA for Azure Sign-ins to Bolster Cloud Defenses

    Signal Proxy, Signal, Signal Ban in Russia, Signal Ban in Venezuela, Bypass Signal Ban, How to Activate Signal Proxy, Signal Proxy Server

    How to Set Up Signal Proxy to Help Bypass Censorship in Russia and Venezuela

  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    Sunil Varkey

    Sunil Varkey Joins Hexaware Technologies as EVP & CISO

    AI Chip, Chip Security Act

    Congress Wants a GPS Tracker on Every Advanced AI Chip America Exports

    Fraud, Agentic AI, AI-assisted Cyberattacks

    Agentic AI Run Fraud Campaigns Earning 4.5 Times More: Interpol

    Stryker, Stryker Cyberattack, CISA, Handala

    Stryker Says Cyberattack Disrupted Processing, Manufacturing and Shipping

    INC Ransom, Western Critical Infrastructure, Critical infrastructure, Russian GRU, Russian Threat Actor, Sandworm, APT44, Energy Supply Chain, Energy Infrastructure

    INC Ransom’s Franchise Model Is Putting Critical Infrastructure on the Chopping Block

    Terrorist Cyberattacks, UAE Cyber Security Council

    UAE Blocked AI-Powered Terrorist Cyberattacks Targeting Critical Infrastructure

    Eurail Breach, Eurail

    Eurail Breach Escalates as Stolen Passport Data and IBANs Surface on Dark Web for Sale

    Discord teen-by-default settings

    Discord Introduces Stronger Teen Safety Controls Worldwide

    The Cyber Express cybersecurity roundup

    The Cyber Express Weekly Roundup: FortiOS Exploits, Ransomware, Hacktivist Surge, and EU Telecom Rules

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Conference
    • Webinar
    • Endorsed Events
  • Advisory Board
No Result
View All Result
  • MagazineDownload
  • Firewall Daily
    • All
    • Bug Bounty & Rewards
    • Dark Web News
    • Data Breach News
    • Hacker News
    • Ransomware News
    • Vulnerabilities
    AI Cyber Attacks

    AI Cyber Attacks Emerge as Biggest Threat to Indian Banking: RBI

    Apple Security Update

    Apple Security Update Patches 30+ Vulnerabilities in iOS 26.5.2

    Seized Crypto Assets

    Ukraine Makes History With First $8.3M Seized Crypto Transfer to ARMA

    Illegal World Cup Streaming Domains

    U.S. Seizes Nearly 400 Illegal FIFA World Cup Streaming Domains

    Operation Endgame Disrupts SocGholish

    Operation Endgame Disrupts SocGholish, StealC Malware Networks

    UAE Cybersecurity Council

    UAE Cybersecurity Council Calls for Stronger Digital Footprint Protection

    MDA hack

    Government Website in India Taken Offline After Defacement Attack

    ATM jackpotting

    ATM Jackpotting Gang Members Sentenced for Ploutus Malware Attacks

    The Cyber Express weekly roundup June 2026

    The Cyber Express Weekly Roundup: Five Eyes AI Warning, KDDI Data Breach, Garfield AI Legal Milestone, and Iranian Hacker Arrest

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    FBI Warns of Malicious Traffic

    FBI Warns of a Hidden Web Tactic Fueling Phishing and Ransomware

    Ukraine Joins EU Cybersecurity Reserve

    What Ukraine’s Entry Into the EU Cybersecurity Reserve Means

    UK social media ban

    UK Social Media Ban for Under-16s Could Take Effect by Spring 2027

    Ransomware Preparedness

    Ransomware Preparedness Must Be a Boardroom Priority: NCSC Chief

    AI legal assistants

    AI Heads to UK Courts, Bringing New Cybersecurity and Governance Challenges

    VerdantBamboo

    China’s VerdantBamboo Experimented With Three Re-Entries and Three Malware in a Company Network

    Crypto Scam, Crypto

    New Threat Actor Targets Crypto Firms’ Development Infrastructure

    Pink, Pink Extortion, CL-CRI-1147

    Pink Extortion Group Emerges Targeting Microsoft 365 Data

    AI-Powered Bots

    AI-Powered Bots Are Blurring the Line Between Users and Cyber Threats

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Knowledge Hub
    • All
    • How to
    • What is
    Google Chrome

    How to Remove Saved Passwords From Google Chrome (And Why You Should)

    DPDP Rules, Cyble, DPDP Act, Cyble Vantage

    How Cyble’s Front-Row Vantage Can Help You in Complying to India’s DPDP Act

    Cybersecurity Countries

    The Top 8 Countries Leading the Cyber Defense Race in 2025

    link building

    The Link Building Secrets Your Competitors Don’t Want You to Know

    Supply Chain Attack

    Supply Chain Resilience and Physical Security: Lessons for 2025

    Healthcare cybersecurity trends of 2024

    Healthcare Cybersecurity: 2024 Was Tough, 2025 May Be Better

    CEO's Guide to Take-Down Services

    Shield Your Organization: CEO’s Perspective on Take-Down Services

    Azure sign-in Microsoft

    Microsoft Announces Mandatory MFA for Azure Sign-ins to Bolster Cloud Defenses

    Signal Proxy, Signal, Signal Ban in Russia, Signal Ban in Venezuela, Bypass Signal Ban, How to Activate Signal Proxy, Signal Proxy Server

    How to Set Up Signal Proxy to Help Bypass Censorship in Russia and Venezuela

  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    Sunil Varkey

    Sunil Varkey Joins Hexaware Technologies as EVP & CISO

    AI Chip, Chip Security Act

    Congress Wants a GPS Tracker on Every Advanced AI Chip America Exports

    Fraud, Agentic AI, AI-assisted Cyberattacks

    Agentic AI Run Fraud Campaigns Earning 4.5 Times More: Interpol

    Stryker, Stryker Cyberattack, CISA, Handala

    Stryker Says Cyberattack Disrupted Processing, Manufacturing and Shipping

    INC Ransom, Western Critical Infrastructure, Critical infrastructure, Russian GRU, Russian Threat Actor, Sandworm, APT44, Energy Supply Chain, Energy Infrastructure

    INC Ransom’s Franchise Model Is Putting Critical Infrastructure on the Chopping Block

    Terrorist Cyberattacks, UAE Cyber Security Council

    UAE Blocked AI-Powered Terrorist Cyberattacks Targeting Critical Infrastructure

    Eurail Breach, Eurail

    Eurail Breach Escalates as Stolen Passport Data and IBANs Surface on Dark Web for Sale

    Discord teen-by-default settings

    Discord Introduces Stronger Teen Safety Controls Worldwide

    The Cyber Express cybersecurity roundup

    The Cyber Express Weekly Roundup: FortiOS Exploits, Ransomware, Hacktivist Surge, and EU Telecom Rules

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Conference
    • Webinar
    • Endorsed Events
  • Advisory Board
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Cyber News

How BlackSuit Ransomware is Crippling Businesses: FBI, CISA Sound Alarm

The FBI and CISA's advisory on BlackSuit ransomware highlights the evolving nature of ransomware threats and the importance of proactive cybersecurity measures.

Samiksha Jain by Samiksha Jain
August 8, 2024
in Cyber News, Firewall Daily, Ransomware News
0
BlackSuit Ransomware

Source: Freepik

662
SHARES
3.7k
VIEWS
Share on LinkedInShare on Twitter

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued an advisory to alert organizations about the BlackSuit ransomware.

This FBI and CISA advisory includes details on the indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with BlackSuit ransomware, as identified through FBI threat response activities and third-party reporting as recently as July 2024.

BlackSuit ransomware is an evolution of the previously known Royal ransomware, which was active from September 2022 through June 2023. BlackSuit shares numerous coding similarities with Royal ransomware but has demonstrated enhanced capabilities. This evolution signifies a significant threat as BlackSuit continues to target organizations through sophisticated attack vectors.

How BlackSuit Ransomware Operates

The advisory issued by the FBI and CISA provides detailed insights into the technical mechanisms used by BlackSuit ransomware.

This ransomware conducts data exfiltration and extortion prior to encryption, publishing victim data on a leak site if ransom demands are not met. The ransomware primarily gains initial access through phishing emails, where unsuspecting victims are tricked into downloading malicious attachments. Once inside a network, BlackSuit actors disable antivirus software, exfiltrate significant amounts of data, and ultimately deploy the ransomware to encrypt systems.

This method helps evade detection and significantly improves encryption speed. BlackSuit actors engage in double extortion tactics, threatening to release exfiltrated data publicly if the ransom is not paid.

report-ad-banner

Here is the detailed description:

Data Exfiltration and Extortion: BlackSuit ransomware follows a double extortion model, where it exfiltrates data before encrypting it. If the ransom is not paid, the threat actors threaten to publish the stolen data on a leak site. This tactic increases pressure on victims to comply with ransom demands.

Initial Access: Phishing emails are the primary method used by BlackSuit actors to gain initial access to victim networks. These emails often contain malicious PDF documents or links to malvertising sites. Other access methods include Remote Desktop Protocol (RDP) compromise, exploiting vulnerabilities in public-facing applications, and leveraging initial access brokers to obtain VPN credentials from stealer logs.

Command and Control: After gaining access, BlackSuit actors establish communication with their command and control (C2) infrastructure using legitimate Windows software repurposed for malicious activities. Tools historically used include Chisel, Secure Shell (SSH) clients, PuTTY, OpenSSH, and MobaXterm.

Lateral Movement and Persistence: BlackSuit actors move laterally within a network using RDP, PsExec, and Server Message Block (SMB). They maintain persistence through the use of legitimate remote monitoring and management (RMM) software and malware like SystemBC and Gootloader.

Discovery and Credential Access: The actors utilize tools like SharpShares and SoftPerfect NetWorx to enumerate networks. Credential-stealing tools such as Mimikatz and Nirsoft’s utilities have been found on compromised systems. They also use PowerTool and GMER to kill system processes.

Exfiltration and Encryption: Before encryption, BlackSuit actors use tools like Cobalt Strike and malware such as Ursnif/Gozi to aggregate and exfiltrate data. They employ RClone and Brute Ratel for exfiltration. To maximize the impact, they use Windows Restart Manager to check file usage, delete volume shadow copies using vssadmin.exe, and execute batch files to manage the encryption process.

BlackSuit Ransom Demands and Communication

Ransom demands by BlackSuit actors typically range from $1 million to $10 million USD, with payments required to be made in Bitcoin. To date, the actors have demanded over $500 million USD collectively, with the highest individual ransom demand being $60 million.

Notably, BlackSuit actors are willing to negotiate the ransom amounts. While the ransom amount is not included in the initial ransom note, victims are directed to a .onion URL (accessible via the Tor browser) for further communication and negotiation.

Recently, there has been an increase in instances where victims receive direct communications from BlackSuit actors, either via phone or email, regarding the compromise and ransom demands.

FBI and CISA Recommendations

The FBI and CISA strongly encourage organizations to implement the following recommendations to mitigate the risk and impact of ransomware incidents:

  1. User Training and Awareness: Educate employees about phishing tactics and encourage them to report suspicious emails.
  2. Multi-Factor Authentication (MFA): Implement MFA across all user accounts, especially those with administrative privileges.
  3. Regular Backups: Ensure regular backups of critical data and store them offline to protect against ransomware attacks.
  4. Network Segmentation: Segment networks to limit the lateral movement of threat actors.
  5. Patch Management: Regularly update and patch systems, software, and applications to address known vulnerabilities.
  6. Incident Response Plan: Develop and regularly update an incident response plan that includes procedures for responding to ransomware attacks.

The FBI and CISA’s advisory on BlackSuit ransomware highlights the evolving nature of ransomware threats and the importance of proactive cybersecurity measures. Organizations are urged to review the detailed recommendations and implement robust security practices to defend against such attacks.

Share this:

  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Reddit (Opens in new window) Reddit
  • Share on X (Opens in new window) X
  • Share on Facebook (Opens in new window) Facebook
  • More
  • Email a link to a friend (Opens in new window) Email
  • Share on WhatsApp (Opens in new window) WhatsApp

Related

Tags: BlackSuit ransomwareCISAFBIFBI and CISA advisoryFBI and CISA RecommendationsStopRansomwareThe Cyber ExpressThe Cyber Express News
Previous Post

INTERPOL Authorities Recover Over $40 Million from International Email Scam

Next Post

Six Iranian Hackers Identified in Cyberattacks on US Water Utilities, $10 Million Reward Announced

Next Post
Six Iranian Hackers

Six Iranian Hackers Identified in Cyberattacks on US Water Utilities, $10 Million Reward Announced

Q1 2026 Threat Reports

❮ ❯
Cyble-Vision


Follow Us On Google News

Latest Cyber News

AI Cyber Attacks
Cyber News

AI Cyber Attacks Emerge as Biggest Threat to Indian Banking: RBI

July 1, 2026
Apple Security Update
Cyber News

Apple Security Update Patches 30+ Vulnerabilities in iOS 26.5.2

June 30, 2026
Seized Crypto Assets
Cyber News

Ukraine Makes History With First $8.3M Seized Crypto Transfer to ARMA

June 30, 2026
Illegal World Cup Streaming Domains
Cyber News

U.S. Seizes Nearly 400 Illegal FIFA World Cup Streaming Domains

June 30, 2026

Categories

Web Stories

Do This on Telegram, Your Bank Account Will Become Zero
Do This on Telegram, Your Bank Account Will Become Zero
If You Install the iOS 18 Beta, Your iPhone Could Be Hacked
If You Install the iOS 18 Beta, Your iPhone Could Be Hacked
Cricket World Cup Ticketing Systems Under Cybersecurity
Cricket World Cup Ticketing Systems Under Cybersecurity
Cyber Threats and Online Ticket Scams During the NBA Finals
Cyber Threats and Online Ticket Scams During the NBA Finals
Biometric Data Security: Protecting Sensitive Information
Biometric Data Security: Protecting Sensitive Information

About

The Cyber Express

#1 Trending Cybersecurity News and Magazine

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

 

Contact

For editorial queries: [email protected]

For marketing and Sales: [email protected]

 

Quick Links

  • About Us
  • Contact Us
  • Editorial Calendar
  • Careers
  • The Cyber Express by Cyble Vulnerability Disclosure Policy
  • Cyble Trust Portal

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
10080 North Wolfe Road, Suite SW3-200, Cupertino, CA, US 95014

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

  • Privacy Statement
  • Terms of Use
  • Write For Us

© 2026 The Cyber Express - Cybersecurity News and Magazine.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Magazine
  • Firewall Daily
  • Essentials
    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Knowledge Hub
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • Conference
    • Webinar
    • Endorsed Events
  • Advisory Board

© 2026 The Cyber Express - Cybersecurity News and Magazine.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00
Do This on Telegram, Your Bank Account Will Become Zero If You Install the iOS 18 Beta, Your iPhone Could Be Hacked Cricket World Cup Ticketing Systems Under Cybersecurity Cyber Threats and Online Ticket Scams During the NBA Finals Biometric Data Security: Protecting Sensitive Information