BlackSuit Ransomware Attack On Campaign For Tobacco-Free Kids


The BlackSuit ransomware attack has claimed a new victim: the Campaign for Tobacco-Free Kids, an American non-profit organization dedicated to advocating for reduced tobacco consumption.

The announcement for this Campaign for Tobacco-Free Kids cyberattack surfaced via a dark web channel, where the group boasted about its latest cyber incursion.

Headquartered in Washington, D.C., Campaign for Tobacco-Free Kids is a prominent non-profit organization renowned as a leading anti-tobacco entity by esteemed publications like the New York Times. 

The BlackSuit Ransomware Attack 

Source: X

The BlackSuit ransomware group’s announcement, made on February 12, 2024, highlights the brazen nature of their operations.

BlackSuit Ransomware Attack On Campaign For Tobacco-Free Kids

Unlike more widely recognized cybercriminal factions, BlackSuit has been steadily expanding its sphere of influence, with previous attacks including breaches at educational institutions in central Georgia and even a zoo in Tampa Bay.

Adding to the mounting concerns, DePauw University in Indiana recently disclosed a targeted intrusion, resulting in the unauthorized access of sensitive data pertaining to specific individuals.

This breach, attributed to the same BlackSuit ransomware group, highlighted the indiscriminate nature of their attacks and the breadth of their capabilities.

To learn more about the situation, The Cyber Express reached out to the Campaign for Tobacco-Free Kids for comment.

However, as of the time of writing, no official statement has been issued by the organization, leaving the claims of the Campaign for Tobacco-Free Kids attack unverified.

No Visible Intrusion and Modus Operandi of BlackSuit Ransomware 

Despite these big bold claims, the Campaign for Tobacco-Free Kids’ website remains operational, showing no overt signs of the reported cyberattack.

Nevertheless, the gravity of the situation cannot be understated, given BlackSuit’s track record of encrypting files on both Linux and Windows systems, appending a “.blacksuit” extension to affected files, altering desktop wallpapers, and distributing ransom notes.

Cybercrime researcher Graham Cluley has shed light on BlackSuit’s modus operandi, detailing their encryption techniques and ransom demands.

The US Department of Health and Human Services (HHS) issued a warning linking BlackSuit ransomware to previous groups like Royal and Conti, suggesting it as a direct successor. 

The BlackSuit ransomware group’s latest victims, Southwest Binding & Laminating and Western Municipal Construction, further highlight the indiscriminate nature of their targeting.

While Southwest Binding & Laminating’s website remains operational, Western Municipal Construction’s site is conspicuously offline, raising suspicions of yet another BlackSuit ransomware attack.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link