BlackSuit Ransomware

The US Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) released this Analyst Note to provide awareness of BlackSuit ransomware.
A relatively new ransomware group and strain known as BlackSuit, with significant similarities to the Royal ransomware family, will likely be a credible threat to the Healthcare and Public Health (HPH) sector. Discovered in early May, BlackSuit’s striking parallels with Royal, the direct successor of the notorious former Russian-linked Conti operation, potentially place the group with one of the most active ransomware groups in operation today. Both Royal and the now defunct Conti are known to have aggressively targeted the HPH sector, and if their purported ties to BlackSuit are verified, then the sector will likely continue to be heavily attacked.
This HC3 Analyst Note provides an overview of the group, possible connections to other threat actors, an analysis of their ransomware attacks, their target industries and victim countries, impacts to the HPH sector, MITRE ATT&CK techniques, indicators of compromise, and recommended defenses and mitigations. It is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cyber criminals.