BlackSuit is a financially motivated ransomware group that emerged in April 2023. It is widely regarded as a rebrand or successor of the Royal ransomware operation and shares significant code with the defunct Conti ransomware syndicate. BlackSuit operates as a private group rather than under a Ransomware-as-a-Service (RaaS) model with public affiliates, and it targets both Windows and Linux systems, including VMware ESXi servers. The group is known for high ransom demands, typically between $1 million and $10 million, with some reaching as much as $60 million, and for intermittent (partial) file encryption, which speeds up encryption and makes it harder to detect. It notably avoids targeting entities in Commonwealth of Independent States (CIS) countries.
Associated malware
BlackSuit
MITRE ATT&CK techniques
T1078, T1083, T1082, T1057, T1490, T1090
Related CVEs
CVE-2025-49706, CVE-2025-49704
RansomLook pivots
Data, intelligence and external references for cross-checking this actor's ransomware activity.
Construction of Buildings, Food Manufacturing, Other Information Services, Rail Transportation, Software Publishers, Real Estate, Hospitals, Accommodation, Air Transportation, Manufacturing