BlackSuit Ransomware Hits Pueblo of Pojoaque: Key Details & Impact
Incident Date:
July 25, 2024
Overview
Title
BlackSuit Ransomware Hits Pueblo of Pojoaque: Key Details & Impact
Victim
Pueblo of Pojoaque
Attacker
Black Suit
Location
First Reported
July 25, 2024
Ransomware Attack on Pueblo of Pojoaque by BlackSuit
Overview of the Pueblo of Pojoaque
The Pueblo of Pojoaque, located in northern New Mexico, is a federally recognized Native American tribe known for its rich cultural heritage and economic initiatives. The tribe operates several enterprises, including the Buffalo Thunder Resort and Casino, which significantly contribute to the local and tribal economies. With a tribal enrollment of approximately 482 members and a reservation size of 11,963 acres, the Pueblo is a key player in the region's hospitality sector.
Details of the Ransomware Attack
The ransomware group BlackSuit has claimed responsibility for a cyberattack on the Pueblo of Pojoaque. The attackers have criticized the Pueblo's management for alleged negligence, stating that multiple warnings were ignored. BlackSuit has emphasized that the leadership's inaction demonstrates a prioritization of financial interests over data security. The group has threatened severe consequences if the compromised information is published.
About BlackSuit Ransomware Group
BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. It targets both Windows and Linux systems, including VMware ESXi servers. The ransomware appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt. Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting a high degree of code and functionality overlap.
Potential Vulnerabilities
The Pueblo of Pojoaque's extensive involvement in the hospitality sector, including the operation of multiple casinos and resorts, makes it a lucrative target for ransomware groups. The reliance on digital infrastructure for managing these enterprises could have exposed vulnerabilities that BlackSuit exploited. The attackers likely penetrated the systems through unpatched software, weak security protocols, or phishing attacks.
Impact on the Community
The ransomware attack has significant implications for the Pueblo of Pojoaque. The compromised data could include sensitive information about employees, partners, and financial transactions. The attack not only threatens the tribe's economic stability but also its reputation and trust within the community. The management's alleged negligence in addressing cybersecurity threats further exacerbates the situation.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.