The Federal Bureau of Investigation has warned of the rebranding of the notorious Royal ransomware gang as BlackSuit.
Rebranding has become prevalent among cybercriminal groups as a way to avoid detection and frustrate countermeasures from law enforcement agencies and cybersecurity providers.
The transition from Royal to BlackSuit indicates that this cybercriminal organisation intends a strategic transformation of its operations, involving advanced encryption methods and highly sophisticated attack vectors.
BlackSuit, previously known as Royal, typically exploits vulnerabilities to carry out its campaigns.
The BlackSuit ransomware group’s primary attack technique exploits publicly available application vulnerabilities and remote desktop protocols. These tactics allow the group to acquire unauthorised access to targeted systems.
Once the operators have established a presence in a victim's environment, they deploy ransomware to encrypt critical files and demand a ransom for their safe decryption.
According to a jointly published advisory from various federal law enforcement agencies, the group started to rebrand in November 2022. However, the transition became apparent in June 2023 when Royal ransomware incorporated the BlackSuit encryptor into its malicious tools.
This subtle integration raised suspicions and became the first sign of the rebranding. Recent research also confirmed the transformation, since the source code of BlackSuit resembles that of its predecessor, Royal.
Despite the similarities, the true extent of the threat only emerged recently after the ransomware operators deployed BlackSuit against several companies. This intentional restraint from the threat actors indicates they are cautious with their activities, testing their capabilities before unleashing their full potential.
The evolution of Royal into BlackSuit is a significant and alarming development for the cybersecurity landscape since it shows how dynamic these cyber threats can be. Hence, organisations must prioritise the regular update of their security protocols, conduct frequent vulnerability assessments, and invest in comprehensive employee training programs to enhance their ability to recognise and mitigate potential cyber threats.
Royal ransomware’s transformation into BlackSuit indicates that the threat actors can adapt and are prepared for takedown attempts from cybersecurity experts. Law enforcement agencies, cybersecurity experts, and organisations should collaborate more closely against these threats to strengthen digital defences and adapt to cybercriminal groups’ constantly changing tactics.