BlackSuit Targets GOLFZON in the Latest Ransomware Attack

By Miklos Zoltan, Founder - Privacy Affairs. 10 December 2023

Fact-checked by Alex Popa

BlackSuit hit GOLFZON today, according to the organization’s public statement and the evidence it published. The cyberattack penetrated the company’s defense systems, leading to a significant data leak.

  • GOLFZON is a world-renowned golf simulator maker with 4 consecutive awards (2017-2020) for the best golf simulator
  • The company has over 6,200 brick-and-mortar commercial sites across 62 countries, making it a major worldwide player
  • BlackSuit’s attack was swift and, in typical fashion, led to a data leak and the encryption of the data
  • GOLFZON’s response to the attack is still unknown

GOLFZON keeps stacking awards, as it also won one for the Most Innovative Product in 2022. This explains in part why it became a ransomware target, especially at the hands of BlackSuit.

BlackSuit is known for going strictly for financial strikes and hasn’t shown any interest in political affiliations or ideological statements.

The organization is relatively new, as this GOLFZON cyberattack is among the first pursued by BlackSuit. Interestingly enough, it appears that the newly formed hacker group specializes in the health industry.

Tweet showing the BlackSuit attack announcement on GOLFZON

BlackSuit’s interest in the medical sector suggests that the group is looking for the most vulnerable targets. One of the most recent attacks was on a private health provider that is responsible for servicing more than 1,000 hospitals in 48 states.

Who is BlackSuit?

There are several theories regarding the identity of BlackSuit, although the most widespread one is that it’s a completely new organization.

Similarities between BlackSuit and other cyberthreat actors have been found, though, as is the case with Royal.

Royal ransomware also specializes in targeting the health and public health (HPH) sector, with a predilection for private institutions.

The likely reason for that is the lower likelihood of a generalized push-back, as would be the case if they attacked public institutions.

Despite being new and rather aggressive, BlackSuit hasn’t been very active since its inception. Only a handful of attacks have been attributed to BlackSuit, which suggests that the organization prefers to keep a low profile.

Other theories suggest that BlackSuit could be a rebranding of Royal, meant to eventually replace the latter after it dissolves.

The goal may be to take some of the heat off of the name Royal, since the organization has made a name for itself in the health sector.

When it comes to the MO, BlackSuit uses the standard double extortion procedure. The victim’s data is first cloned and downloaded, then encrypted at the source. If the victim refuses to pay, the attacker releases the data publicly or sells it for profit.
