Black Suit attacks IT Luggage

Date:

July 25, 2023

World map

Overview

Title

Black Suit attacks IT Luggage

Victim

IT Luggage

Attacker

Black Suit

Location

Hertford, United Kingdom

Hertford,

Size of Attack

Unknown/TBD

First Reported

July 25, 2023

Last Updated

October 31, 2022

The BlackSuit ransomware gang has attacked IT Luggage. IT Luggage is a prominent and well-established luggage brand known for its wide range of travel products and accessories. Over the years, the company has built a reputation for delivering quality and functional luggage solutions to meet the needs of travelers worldwide. The brand offers a diverse selection of luggage options, including suitcases, carry-on bags, duffel bags, and travel accessories. IT Luggage is recognized for incorporating innovative features and materials in its designs to enhance durability, ease of use, and overall travel convenience. BlackSuit posted IT Luggage to its data leak site on July 25th, leaking "a large amount of data". BlackSuit ransomware exhibits similarities to Royal ransomware. Previous reports have been made on the Windows and Linux variants of Royal. Similar to Royal, BlackSuit is known for targeting both Windows and Linux systems. The YARA rules for the Linux variant of BlackSuit also match samples of the Royal Linux variant. It has been stated that Royal and BlackSuit share 98% similarity in function, 99.5% similarity in blocks, and 98.9% similarity in jumps based on the BinDiff comparison tool. Although BlackSuit utilizes command line arguments that function similarly to those used by Royal, the strings employed in the arguments differ. Moreover, BlackSuit uses extra arguments not present in Royal ransomware. Regarding the 32-bit Windows variants of BlackSuit and Royal ransomware families, researchers noted 93.2% similarity in functions, 99.3% similarity in basic blocks, and 98.4% in jumps based on BinDiff. While BlackSuit and Royal Windows variants use different argument strings, the purposes of these arguments are similar. Both BlackSuit and Royal utilize OpenSSL's AES for encryption and leverage comparable intermittent encryption techniques for fast and efficient encryption of victim files. Once the files are encrypted on a victim machine, BlackSuit appends the .blacksuit extension to encrypted files and presents its ransom note. The ransom note contains the ransomware's TOR chat site and a unique ID for each affected victim. BlackSuit threat actors employ a leaks site and a double extortion model, demanding ransom for unlocking files and not leaking stolen information.

Oh no!

This attack's description was not found, while we work on the detailed account of this attack we invite you to browse through other recent Rasomware Attacks in the table below.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.

Cactus attacks Tormax USA
Date
September 7, 2023
Ransomware group
Cactus
Location

San Antonio, USA

Texas, USA

Industry
Manufacturing
Victim
Tormax USA
Cactus attacks Tormax USA
Date
September 7, 2023
Ransomware group
Cactus
Location

San Antonio, USA

Texas, USA

Industry
Manufacturing
Victim
Tormax USA
LockBit attacks Onyx Fire Protection Services
Date
September 6, 2023
Ransomware group
LockBit
Location

Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
Onyx Fire Protection Services
LockBit attacks Onyx Fire Protection Services
Date
September 6, 2023
Ransomware group
LockBit
Location

Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
Onyx Fire Protection Services
LockBit attacks Protoshop
Date
September 6, 2023
Ransomware group
LockBit
Location

Milan, Italy

Lombardy, Italy

Industry
Retail Trade
Victim
Protoshop
LockBit attacks Protoshop
Date
September 6, 2023
Ransomware group
LockBit
Location

Milan, Italy

Lombardy, Italy

Industry
Retail Trade
Victim
Protoshop
LockBit attacks Ragasa
Date
September 6, 2023
Ransomware group
LockBit
Location

Monterrey, Mexico

Nuevo Leon, Mexico

Industry
Accommodations & Food Services
Victim
Ragasa
LockBit attacks Ragasa
Date
September 6, 2023
Ransomware group
LockBit
Location

Monterrey, Mexico

Nuevo Leon, Mexico

Industry
Accommodations & Food Services
Victim
Ragasa
Knight attacks Solano-Napa Pet Emergency Clinic
Date
September 6, 2023
Ransomware group
Knight
Location

Fairfield, USA

California, USA

Industry
Other
Victim
Solano-Napa Pet Emergency Clinic
Knight attacks Solano-Napa Pet Emergency Clinic
Date
September 6, 2023
Ransomware group
Knight
Location

Fairfield, USA

California, USA

Industry
Other
Victim
Solano-Napa Pet Emergency Clinic
LockBit attacks The Noble Group
Date
September 6, 2023
Ransomware group
LockBit
Location

Lancaster, USA

Pennsylvania, USA

Industry
Real Estate
Victim
The Noble Group
LockBit attacks The Noble Group
Date
September 6, 2023
Ransomware group
LockBit
Location

Lancaster, USA

Pennsylvania, USA

Industry
Real Estate
Victim
The Noble Group
Akira attacks Energy One
Date
September 6, 2023
Ransomware group
Akira
Location

Eastwood, Australia

Adelaide, Australia

Industry
Other
Victim
Energy One
Akira attacks Energy One
Date
September 6, 2023
Ransomware group
Akira
Location

Eastwood, Australia

Adelaide, Australia

Industry
Other
Victim
Energy One
LockBit attacks Gorman and Company
Date
September 6, 2023
Ransomware group
LockBit
Location

Oregon, USA

Wisconsin, USA

Industry
Real Estate
Victim
Gorman and Company
LockBit attacks Gorman and Company
Date
September 6, 2023
Ransomware group
LockBit
Location

Oregon, USA

Wisconsin, USA

Industry
Real Estate
Victim
Gorman and Company
INC Ransom attacks It4 Solutions Robras
Date
September 6, 2023
Ransomware group
INC Ransom
Location

Oakland Park, USA

Florida, USA

Industry
Information & Technology
Victim
It4 Solutions Robras
INC Ransom attacks It4 Solutions Robras
Date
September 6, 2023
Ransomware group
INC Ransom
Location

Oakland Park, USA

Florida, USA

Industry
Information & Technology
Victim
It4 Solutions Robras
LockBit attacks Meroso Foods
Date
September 6, 2023
Ransomware group
LockBit
Location

Ramsdonk, Belgium

Kapelle-op-den-Bos, Belgium

Industry
Accommodations & Food Services
Victim
Meroso Foods
LockBit attacks Meroso Foods
Date
September 6, 2023
Ransomware group
LockBit
Location

Ramsdonk, Belgium

Kapelle-op-den-Bos, Belgium

Industry
Accommodations & Food Services
Victim
Meroso Foods