BlackSuit Ransomware Strikes Hard at CDK Global
The BlackSuit ransomware gang has leaked stolen data from attacks against fifty-three organizations over the course of a year. Just this week hitting the newswire is BlackSuit is behind a significant IT disruption at CDK Global, impacting car dealerships throughout North America. CDK was compelled to shut down its IT systems and data centers to prevent further spread, including its car dealership platform. Although the company attempted service restoration on Wednesday, a second cybersecurity incident occurred, leading to another shutdown of all IT systems.
Despite the CDK outage, all Company dealerships remain open and operational, employing workaround solution to mitigate disruptions. CDK also cautions that threat actors are impersonating CDK agents or affiliates in calls to dealerships, seeking unauthorized systems access.
BlackSuit, which emerged in May 2023, is thought to be a rebranding of the Royal ransomware operation. Royal Ransomware, and consequently BlackSuit, is considered the direct heir to the infamous Conti cybercrime syndicate, a well-organized gang of Russian and Eastern European threat actors. In June 2023, the Royal Ransomware operation started evaluating a new encryptor named BlackSuit amidst rumors of a planned rebranding. Following their attack on the City of Dallas, Texas, attacks under the royal name vanished, and the threat actors now operate under the BlackSuit moniker.
Late last year, both the FBI and CISA both have advised that Royal and BlackSuit share similar tactics and coding overlaps in their encryptors. The advisory connected with the Royal ransomware gang to attacks on over 350 organizations globally since September 2022, with ransom demands exceeding $275 million.
Here are some key facts about BlackSuit ransomware:
- Encryption Method: BlackSuit uses advanced encryption techniques to lock victims’ files, making it impossible to recover the data without the decryption key.
- Double Extortion: Like other modern ransomware, BlackSuit employs a double extortion tactic. This means that in addition to encrypting files, the attackers also exfiltrate sensitive data and threaten to release it publicly if the ransom is not paid.
- Targeted Attacks: BlackSuit has been observed targeting specific industries, including healthcare, finance, and critical infrastructure, where the impact of an attack can force a quick ransom payment.
- Ransom Demands: The ransom demands associated with BlackSuit can be substantial, often reaching into the hundreds of thousands or even millions of dollars, depending on the size and nature of the targeted organization.
- Distribution Methods: BlackSuit is typically distributed through phishing emails, malicious attachments, and exploiting vulnerabilities in unpatched software.
- Impact on Operations: Victims of BlackSuit ransomware often experience significant operational disruptions, including the inability to access critical systems and data, leading to downtime and financial losses.
- Mitigation and Response: Organizations are advised to implement robust cybersecurity measures, including regular backups, multi-factor authentication, and employee training to mitigate the risk of BlackSuit ransomware attacks.
Ransomware keeps evolving and the attacks and strands keeping getting more sophisticated. Stay vigilant.
Read More: