BlackSuit Ransomware Hits Peregrine Petroleum, Steals 202GB of Sensitive Data

Incident Date: June 15, 2024

Overview

Victim: Peregrine Petroleum
Attacker: BlackSuit
Location: Houston, USA; Texas, USA
First Reported: June 15, 2024

Ransomware Attack on Peregrine Petroleum by BlackSuit

Overview of Peregrine Petroleum

Peregrine Petroleum, headquartered in Dallas, Texas, is a prominent player in the oil and gas industry. The company specializes in the exploration, development, and production of hydrocarbon resources, focusing on projects in the Gulf of Mexico and onshore areas. With approximately 25 employees and generating around $17 million in revenue, Peregrine Petroleum stands out due to its advanced use of seismic technology and re-processing for prospecting and acquiring equity in prospective projects.

Details of the Ransomware Attack

The ransomware group BlackSuit has claimed responsibility for a significant cyberattack on Peregrine Petroleum. The breach resulted in the theft of 202 gigabytes of data, including 178 gigabytes from various operational directories and 24 gigabytes from a private SQL database. The compromised data was stored across multiple directories on the company's internal network, organized under administrative, financial, HR, and shared company resources. Sensitive folders such as Acquisitions, Budget-Planning, Accounting Records, and Employee Files were also affected.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023, closely related to the notorious Royal ransomware group. It targets both Windows and Linux systems, including VMware ESXi servers. The ransomware appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication. Researchers have found a high degree of similarity between BlackSuit and Royal ransomware, suggesting a possible connection or shared origin.
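The two file-system indicators named above (the .blacksuit extension and the README.BlackSuit.txt note) can be swept for during incident triage. The script below is an added example, not part of the original report or any vendor tooling; the function names and the verdict labels are assumptions chosen for illustration.

```python
import os
import sys

# Indicators taken from the paragraph above; matched case-insensitively.
ENCRYPTED_EXT = ".blacksuit"
RANSOM_NOTE = "readme.blacksuit.txt"

def scan_tree(root):
    """Walk root (symlinks are not followed) and return, for every directory
    showing at least one indicator, whether the ransom note is present, how
    many files carry the encrypted extension, and the total file count."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        note, encrypted = False, 0
        for name in filenames:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                note = True
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted += 1
        if note or encrypted:
            findings[dirpath] = {"note": note, "encrypted": encrypted,
                                 "total": len(filenames)}
    return findings

def triage(findings):
    """Label each hit directory by which indicators it shows.
    The labels are illustrative (assumption), meant for sorting review work."""
    verdicts = {}
    for directory, hit in findings.items():
        if hit["note"] and hit["encrypted"]:
            verdicts[directory] = "note+encrypted"
        elif hit["encrypted"]:
            verdicts[directory] = "encrypted-no-note"
        else:
            verdicts[directory] = "note-only"
    return verdicts

if __name__ == "__main__":
    # Usage: python scan_blacksuit.py /path/to/share  (script name is hypothetical)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = scan_tree(root)
    for directory, verdict in sorted(triage(hits).items()):
        hit = hits[directory]
        print(f"{verdict:18} {hit['encrypted']}/{hit['total']} files  {directory}")
```

Run it read-only against a mounted image or snapshot rather than the live host, so the sweep does not alter file timestamps needed for forensics.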

Penetration and Vulnerabilities

Peregrine Petroleum's detailed online exposure through its website and LinkedIn profile made it particularly vulnerable to cyberattacks. The ransomware group likely exploited this exposure to penetrate the company's systems. The attack underscores the importance of robust cybersecurity measures, especially for companies in critical sectors like oil and gas.
