BlackSuit Ransomware (6e200813-4379-457b-9cce-2203bed4b072)
BlackSuit is a ransomware capable of running on Windows and Linux systems. BlackSuit is believed to be a successor to Royal, a ransomware operation which itself derives from the notorious Russia-based Conti gang. BlackSuit operations were first observed in May 2023, and although they were relatively low in number, U.S. authorities issued a warning for healthcare sector organizations due to the ransomware's suspected pedigree.[HC3 Analyst Note BlackSuit Ransomware November 2023] The number of attacks claimed by BlackSuit operators increased notably in Q2 2024.[GitHub ransomwatch]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| BlackSuit Ransomware (6e200813-4379-457b-9cce-2203bed4b072) | Tidal Software | BlackSuit Ransomware Actors (1d751794-ce94-4936-bf45-4ab86d0e3b6e) | Tidal Groups | 1 |