• Home
  • News
  • Controversial BLACK SUIT Ransomware Hits 2

Controversial BLACK SUIT Ransomware Hits 2

Miklos Zoltan

By Miklos Zoltan . 8 April 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

BLACK SUIT ransomware gang targeted 2 more victims, one from the US and the other from Belgium. The hackers didn’t post any details about the operations other than a brief summary of each victim.

  • The BLACK SUIT gang has been getting increasingly more active over the past year, making a name for itself in the ransomware sphere
  • BLACK SUIT first appeared in May 2023 but grew fast and attracted a lot of attention since
  • The gang describes itself as a closed group that doesn’t offer RaaS (ransomware-as-a-service) services
  • The BLACK SUIT hackers are known to demand pricey ransoms and make almost no compromises during negotiations

Unlike most ransomware gangs and other cybercriminal organizations, BLACK SUIT refuses to offer RaaS services. This is most likely due to them not wanting to share their tools and tactics with others. It also guarantees that they get to keep all of the profits.

This means that it’s unclear what tools and tactics the hackers employ during the attacks and how fast they upgrade their software. One thing is for certain, though: BLACK SUIT has been growing at a steady pace since its inception.

It’s unusual for a ransomware group to achieve global recognition with just a few months of activity. This suggests that BLACK SUIT is more capable and resourceful than initially thought. It’s important to note that the BLACK SUIT hackers also attack public institutions.

X showing the BLACK SUIT attack on the 2 victims
https://twitter.com/FalconFeedsio/status/1777214795550503140

Most ransomware groups prefer to target private organizations, especially small and medium-sized ones. This typically attracts less attention from law enforcement agencies, allowing the gang to operate in peace for longer.

Naturally, this doesn’t last too long, either. The FBI, along with CISA and other organizations, are constantly on the prowl. Operation Cronos, which took place in February of this year, targeted Lockbit itself, the largest ransomware gang today.

What to Know About BLACK SUIT Gang

BLACK SUIT is a controversial organization, as many suspect it to be related to 2 prominent but defunct ransomware actors: Conti and Royal. These were once some of the largest cybercriminal rings in the world. But why do people believe that?

According to the experts who assessed BLACK SUIT’s profile, the group shows interesting code, tactics, and website design similarities to the 2 defunct groups. This doesn’t necessarily mean that they are related, but it’s unlikely to be a coincidence either.

Especially when considering how ransomware groups operate in the first place. Because of their line of activity, these gangs are always targeted by law enforcement agencies, high-value ones especially.

But because the roll-over-and-die option is never on the table, ransomware operators need to find ways to survive. They typically do that by relocating their assets to other groups and rebranding themselves to lose the heat.

Some suggest that this may be the case with BLACK SUIT, despite the hackers denying any association with the 2 mentioned organizations. It’s normal that they would, though, since they wouldn’t want to attract attention to themselves.

Whether BLACK SUIT is related or not to any other ransomware gang, though, they are clearly a threat worthy of attention.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment