BlackSuit Ransomware targets software firm and steals data of about 950k individuals

    BlackSuit, the ransomware group responsible for the recent outage at CDK Global, has announced that it is compelled to release data on over 950,000 individuals from Young Consulting, now known as Connexure.

    The ransomware gang claimed to have breached Connexure’s servers in April 2024, targeting confidential information. The Atlanta-based software firm detected the unauthorized access in May. Despite negotiations between Connexure’s senior management and the attackers, no agreement was reached regarding the ransom.

    In July, BlackSuit revealed it possessed sensitive information, including social security numbers, full names, dates of birth, and insurance claim details. The group threatened further data leaks or sales if their demands were not met. The compromised data also includes financial reports, medical records, employee passport numbers, family details, contracts, contact information, and business agreements.

    In August 2024, BlackSuit began releasing the stolen information. In response, Connexure announced that affected individuals would receive free credit monitoring services from Cyberscout, available through November 2024. The company, which provides integrated software for marketing and administration, is actively exploring ways to manage the impact of the cyberattack without paying the ransom.

    One potential approach is to restore encrypted data from backups and report the incident to law enforcement. The law enforcement cyber units would then work to disrupt the criminals’ databases and destroy the stolen data permanently.

    As per an advisory from the FBI and US-CISA issued in March 2024, a forthcoming ransomware variant is set to enter the cybersecurity landscape, marking itself as a rebrand or offshoot of the Royal Ransomware gang, notorious for purportedly amassing around $275 million in 2022.

    This marks the fourth malware iteration linked to the Royal Ransomware lineage, joining the ranks of Blackmatter (a derivative of Darkside ransomware), Hunters International (formerly known as Hive), and NoEscape (previously identified as Avaddon).

    Ad
    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display