BlackSuit Ransomware Hits Peregrine Petroleum, Steals 202GB of Sensitive Data
Incident Date: June 15, 2024
Overview
Victim: Peregrine Petroleum
Attacker: BlackSuit
First Reported: June 15, 2024
Ransomware Attack on Peregrine Petroleum by BlackSuit
Overview of Peregrine Petroleum
Peregrine Petroleum, headquartered in Dallas, Texas, is a prominent player in the oil and gas industry. The company specializes in the exploration, development, and production of hydrocarbon resources, focusing on projects in the Gulf of Mexico and onshore areas. With approximately 25 employees and generating around $17 million in revenue, Peregrine Petroleum stands out due to its advanced use of seismic technology and re-processing for prospecting and acquiring equity in prospective projects.
Details of the Ransomware Attack
The ransomware group BlackSuit has claimed responsibility for a significant cyberattack on Peregrine Petroleum. The breach resulted in the theft of 202 gigabytes of data, including 178 gigabytes from various operational directories and 24 gigabytes from a private SQL database. The compromised data was stored across multiple directories on the company's internal network, organized under administrative, financial, HR, and shared company resources. Sensitive folders such as Acquisitions, Budget-Planning, Accounting Records, and Employee Files were also affected.
About BlackSuit Ransomware Group
BlackSuit is a new ransomware family that emerged in 2023, closely related to the notorious Royal ransomware group. It targets both Windows and Linux systems, including VMware ESXi servers. The ransomware appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication. Researchers have found a high degree of similarity between BlackSuit and Royal ransomware, suggesting a possible connection or shared origin.
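The two file-system indicators described above (the .blacksuit extension and the README.BlackSuit.txt note) are enough to scope which directories were hit. The following Python triage script is an added example, not part of the original report: it walks a directory tree, counts encrypted files and notes per directory, and returns the modification-time window of the encrypted files. The function names, the case-insensitive matching, and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

ENC_EXT = ".blacksuit"              # extension named in the report
NOTE_NAME = "readme.blacksuit.txt"  # ransom note name, matched case-insensitively (assumption)

def triage(root):
    """Return per-directory indicator counts and the mtime window of encrypted files."""
    dirs, first, last = {}, None, None
    for path, _subdirs, files in os.walk(root):
        enc = [f for f in files if f.lower().endswith(ENC_EXT)]
        note = any(f.lower() == NOTE_NAME for f in files)
        if not enc and not note:
            continue  # directory shows neither indicator
        for f in enc:
            try:
                m = os.lstat(os.path.join(path, f)).st_mtime
            except OSError:
                continue  # file vanished or unreadable; still counted below
            first = m if first is None else min(first, m)
            last = m if last is None else max(last, m)
        dirs[os.path.relpath(path, root)] = {"encrypted": len(enc), "note": note}
    return {"dirs": dirs, "first": first, "last": last}

def build_sample(root):
    """Create a constructed directory tree (illustrative, not real incident data)."""
    layout = {
        "Accounting": ["ledger.xlsx.blacksuit", "q1.pdf.blacksuit", "README.BlackSuit.txt"],
        "HR": ["staff.csv.blacksuit", "README.BlackSuit.txt"],
        "Shared": ["handbook.docx"],  # untouched directory
    }
    t = 1_700_000_000  # constructed timestamps, one minute apart
    for d, names in layout.items():
        os.makedirs(os.path.join(root, d))
        for n in names:
            p = os.path.join(root, d, n)
            open(p, "w").close()
            os.utime(p, (t, t))
            t += 60

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        for d, info in sorted(report["dirs"].items()):
            print(d, info)
        for k in ("first", "last"):
            print(k, datetime.fromtimestamp(report[k], timezone.utc).isoformat())
```

Modification times only approximate when files were encrypted, so treat the window as a starting point for correlating with other logs.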
Penetration and Vulnerabilities
Peregrine Petroleum's detailed online exposure through its website and LinkedIn profile made it particularly vulnerable to cyberattacks. The ransomware group likely exploited this exposure to penetrate the company's systems. The attack underscores the importance of robust cybersecurity measures, especially for companies in critical sectors like oil and gas.