"BlackSuit/Royal Ransomware Group Has Demanded $500m"

The US Cybersecurity and Infrastructure Security Agency (CISA) has recently discovered that a prolific ransomware group has demanded more than $500m from its victims in less than two years.  The prolific ransomware group is BlackSuit, which rebranded from Royal in July 2023.  CISA noted that the largest individual demand since the group rebranded was $60m, although the report adds that the group displays a “willingness to negotiate payment amounts,” so initial high asking prices are likely to be merely a negotiating tactic.  CISA says that ransom demands have typically ranged from approximately $1m to $10m, with payment demanded in Bitcoin.  Ransom amounts are not displayed on the initial note.  Instead, victims usually need to interact directly with the threat actor via a .onion URL provided after encryption, although more recently, they’ve also received email and telephone communications, CISA said.  CISA noted that BlackSuit uses classic double extortion tactics, displaying the names of victims and, subsequently, their data on a leak site if a ransom is not paid.
 

Infosecurity Magazine reports: "BlackSuit/Royal Ransomware Group Has Demanded $500m"