Over $500 million in ransom demands have already been made by the BlackSuit ransomware operation since first appearing as the Royal ransomware group in September 2022, reports The Record, a news site by cybersecurity firm Recorded Future.
While most ransoms sought by BlackSuit ranged from about $1 million to $10 million worth of Bitcoin, the ransomware gang has demanded payments of up to $60 million, according to an updated joint advisory from the FBI and Cybersecurity and Infrastructure Security Agency. Despite having ransomware coding upgrades from Royal, BlackSuit continues to mostly leverage phishing attacks to achieve initial access before deactivating antivirus software, using remote monitoring and management software for persistence, exfiltrating data, and delivering ransomware, said the advisory, which also noted IP addresses associated with the ransomware group that should be blocked by organizations. Such an advisory comes after BlackSuit's involvement in intrusions against education organizations, local governments, and companies across the U.S.
