FortiGuard Labs is aware of a report that a new ransomware “Black Suit” targeting both Windows and Linux platforms was discovered in the wild. Some reports suggest similarities with the infamous active Royal ransomware. Black Suit ransomware encrypts files on affected machines and adds a “.BlackSuit” file extension to the encrypted files. It also operates its own leak site on TOR designed to post information stolen from victims.Why is this Significant?This is significant because “Black Suit” is a new ransomware that targets both Windows and Linux platforms. The threat actor operates a data leak site on TOR, which typically means that the ransomware targets enterprises.What is “Black Suit” ransomware?”Black Suit” is a new ransomware that is used to target Windows and Linux platforms. Information on the infection vector used by the Black Suite ransomware threat actor is not currently available. However, it is not likely to differ significantly from other ransomware groups. The ransomware encrypts files on compromised machines and adds a “.BlackSuit” file extension to affected files. It then leaves a ransom note labeled “README.BlackSuit.txt” and requests victims to contact the attacker on TOR for ransom negotiation. At the time of this writing, the leak site does not list any victims.What is the Status of Protection?FortiGuard Labs has the following AV signatures for the known samples of BlackSuit ransomware:Linux/Filecoder_Royal_AGen.A!trW32/PossibleThreat
More Stories
USN-7021-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-7029-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could...
USN-7007-3: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could...
USN-6999-2: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could...
USN-7028-1: Linux kernel vulnerabilities
It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local...
python-zipp-0.5.1-4.el8
FEDORA-EPEL-2024-d7489f4064 Packages in this update: python-zipp-0.5.1-4.el8 Update description: Security fix for CVE-2024-5569 (rhbz#2297119) Read More