BlackSuit Ransomware Hits Hiawatha Homes, Compromising Sensitive Data
Incident Date:
June 24, 2024
Overview
Title
BlackSuit Ransomware Hits Hiawatha Homes, Compromising Sensitive Data
Victim
Hiawatha Homes, Inc.
Attacker
Black Suit
Location
First Reported
June 24, 2024
BlackSuit Ransomware Group Targets Hiawatha Homes, Inc.
Overview of Hiawatha Homes, Inc.
Hiawatha Homes, Inc. is a non-profit organization based in Rochester, Minnesota, dedicated to providing support services and housing for individuals with disabilities. The organization operates primarily in the southeastern region of Minnesota, particularly in the city of Rochester. Hiawatha Homes offers a variety of services tailored to meet the unique needs of each individual they support, including residential care, in-home support, and respite care. The organization employs approximately 281 people and generates around $10.4 million in revenue annually.
Services and Mission
Hiawatha Homes is committed to empowering people with disabilities to live as independently as possible while ensuring they have access to the resources and care they need to thrive. Their services include residential care, in-home support, and respite care. Residential care involves providing a safe and nurturing living environment with 24-hour support from trained staff. In-home support services are designed for individuals who live independently or with their families but require some level of assistance. Respite care provides temporary relief for primary caregivers, ensuring continuous care for individuals while their primary caregivers are away.
Community Integration and Social Inclusion
In addition to core services, Hiawatha Homes focuses on community integration and social inclusion. They organize various activities and programs that encourage individuals with disabilities to participate in community events, develop social skills, and build meaningful relationships. These programs are designed to enhance the quality of life for the individuals they support and promote a sense of belonging within the community.
Details of the Ransomware Attack
On June 24, 2024, Hiawatha Homes, Inc. was targeted by the BlackSuit ransomware group, resulting in a significant data breach. The attack compromised 106,336 files totaling over 40 billion bytes. The breached data includes sensitive information from various departments such as finance, human resources, management, and public relations. The attack has raised concerns about the security measures in place at Hiawatha Homes and the potential impact on the individuals they support.
About the BlackSuit Ransomware Group
BlackSuit is a new ransomware family that emerged in 2023 and appears to be closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The ransom note includes a reference to a Tor chat site where victims can contact the operators.
Technical Analysis and Similarities with Royal Ransomware
Researchers have discovered significant similarities between the code and functionality of BlackSuit and Royal ransomware. The similarities include a 98% similarity in functions, 99.5% similarity in code blocks, and 98.9% similarity in jumps. This suggests that BlackSuit is either a new variant developed by the same authors as Royal, a copycat using similar code, or an affiliate of the Royal ransomware gang that has implemented some modifications.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.