Meet the ransomware gang that demands $500 million

Cybersecurity Insiders

Recent reports have highlighted a disturbing trend: ransomware gangs are increasingly targeting the healthcare sector, leading to severe consequences such as blood shortages and the cancellation of emergency services. Alarmingly, a particular ransomware group has now accumulated a staggering $500 million—an amount comparable to the annual budget of a county or small island.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint alert regarding the BlackSuit ransomware gang’s latest ransom demand, which has reached an unprecedented $100 million. Initially, the gang demanded $60 million from a Fortune 500 company. If the payment, which must be made in cryptocurrency, is not made within the specified time frame, the demand will escalate to $100 million.

This pattern suggests that these cybercriminals could potentially amass substantial wealth through successive attacks, wealth that could be funneled into further criminal activities, wars, or the nuclear ambitions of some rogue leaders.

Notably, the ransom demand is not made immediately following an attack but is instead presented during the negotiation phase, after a secure connection has been established with the threat actor through an Onion browser.

Potential targets include commercial businesses, financial institutions, public health facilities, manufacturing firms, and certain government entities.

Cybersecurity Insiders readers should be aware that BlackSuit is a sophisticated criminal organization that evolved from the now-defunct Royal Ransomware. This gang primarily spreads its malware through phishing emails, and the malicious software can evade detection by conventional anti-malware solutions.

Law enforcement agencies strongly advise victims against paying any ransom. Instead, they encourage reporting incidents to cyber police agencies, as paying the ransom not only fuels criminal activities but also does not guarantee the provision of a decryption key.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
