Analysis of the BlackSuit Ransomware Incident at Octapharma Plasma

Incident Date:

April 23, 2024

World map



Analysis of the BlackSuit Ransomware Incident at Octapharma Plasma


Octapharma Plasma, Inc.


Black Suit


Charlotte, USA

North Carolina, USA

First Reported

April 23, 2024

Analysis of the BlackSuit Ransomware Attack on Octapharma Plasma

Company Profile

Octapharma Plasma, Inc., a key player in the global healthcare sector, specializes in the collection, testing, and supply of human blood plasma. As a subsidiary of Octapharma AG, it stands as one of the largest privately owned and independent plasma fractionators worldwide. Established in 1983 and headquartered in Charlotte, North Carolina, Octapharma Plasma operates numerous donation centers across the United States. The company focuses on three main therapeutic areas: haematology, immunotherapy, and critical care, employing over 10,000 staff globally.

With its extensive network and advanced manufacturing capabilities, Octapharma Plasma serves patients in 118 countries, making significant contributions to the plasma and biopharmaceutical industries. The company's commitment to innovation and sustainability further solidifies its position as an industry leader.

Details of the Ransomware Attack

In a recent cybersecurity breach, Octapharma Plasma fell victim to a ransomware attack orchestrated by the BlackSuit group, a new but formidable player in the cybercrime arena. This attack resulted in the encryption of sensitive data across multiple systems, impacting both operational and personal data. The compromised information includes social security numbers, personal health information, financial records, and internal business documents.

The BlackSuit ransomware, which shares a high degree of similarity with the notorious Royal ransomware, targets both Windows and Linux systems, including critical infrastructure like VMware ESXi servers. The ransomware appends a .blacksuit extension to encrypted files and leaves a ransom note directing victims to a Tor-based communication channel.

Vulnerabilities and Industry Impact

The company's extensive data collection and storage of sensitive personal and medical information make it a prime target for ransomware attacks. The healthcare industry, known for its critical and time-sensitive operations, often faces immense pressure to pay ransoms to restore access to vital data and systems swiftly.

The attack not only threatens the privacy and security of individuals' data but also highlights the broader vulnerabilities within the healthcare sector, especially in organizations that manage high volumes of sensitive information.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.