Thursday, 08 June 2023 16:03

Bring on the Ransomware Beta Test as Royal Begins Seems to be testing a New Encryptor called BlackSuit


The fine folks at the Royal ransomware group have begun testing a new flavor of encryptor that is being called BlackSuit (the hat was already taken). First identified in January of this year (2023), Royal is believed to be Conti returned to life. Royal is also a private group, meaning they are not selling their services to anyone else but are looking to keep things internal and hoard all their revenue. Royal is the group that went after the City of Dallas recently, and they might have poked the bear on that one.

From some internal rumblings, Royal might be looking to pull a quick name change in hopes of avoiding some of the heat from the Dallas attack. This has not been confirmed, but given how quickly these organizations can dissolve and rebuild operations (it is a target-rich environment), it is not out of the realm of possibility that they are looking for a reimagining or reboot. It is with this in mind that we turn our attention to BlackSuit.

First identified in May, the newly branded encryptor found in the BlackSuit campaign shares a lot in common with Royal. This has led a few researchers to think this might be the direction Royal was looking to go. The expected rebranding has not materialized yet, but the Royal group has been seen leveraging the BlackSuit encryptor alongside their more usual offering.

Royal is an interesting mix of talent, and while large (as organizations go) they tend to operate in small groups of around 5. Royal is a very active and sophisticated group. They tend to develop their own loaders and deploy very effective encryptors in their campaigns. Seeing BlackSuit show up might just be them adding another weapon to their arsenal. We know that they will switch loaders when needed or when they feel those loaders have run their course, so we could simply be seeing the next iteration of their toolset in BlackSuit.

As ransomware groups, private and professional, are showing an even greater level of sophistication, it is time for defenders to shake things up. Doing what we have always done is not going to protect against any of the evolving threats out there. Attackers know “what we’ve always done,” so they can anticipate it. New and creative thought processes around security need to be employed to prevent these attacks.
