FortiGuard Labs is aware of a report that a new ransomware “Black Suit” targeting both Windows and Linux platforms was discovered in the wild. Some reports suggest similarities with the infamous active Royal ransomware. Black Suit ransomware encrypts files on affected machines and adds a “.BlackSuit” file extension to the encrypted files. It also operates its own leak site on TOR designed to post information stolen from victims.Why is this Significant?This is significant because “Black Suit” is a new ransomware that targets both Windows and Linux platforms. The threat actor operates a data leak site on TOR, which typically means that the ransomware targets enterprises.What is “Black Suit” ransomware?”Black Suit” is a new ransomware that is used to target Windows and Linux platforms. Information on the infection vector used by the Black Suite ransomware threat actor is not currently available. However, it is not likely to differ significantly from other ransomware groups. The ransomware encrypts files on compromised machines and adds a “.BlackSuit” file extension to affected files. It then leaves a ransom note labeled “README.BlackSuit.txt” and requests victims to contact the attacker on TOR for ransom negotiation. At the time of this writing, the leak site does not list any victims.What is the Status of Protection?FortiGuard Labs has the following AV signatures for the known samples of BlackSuit ransomware:Linux/Filecoder_Royal_AGen.A!trW32/PossibleThreat
More Stories
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204
Posted by Thomas Weber via Fulldisclosure on Sep 23 CyberDanube Security Research 20240919-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Netman 204...
Submit Exploit CVE-2024-42831
Posted by arfaoui haythem on Sep 23 # Exploit Title: Reflected XSS in Elaine's Realtime CRM Automation v6.18.17 # Date:...
USN-7021-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-7029-1: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could...
USN-7007-3: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could...
USN-6999-2: Linux kernel vulnerabilities
Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could...