Ransomware Attack on RhinoCorps Ltd. by BlackSuit

Overview of RhinoCorps Ltd.

RhinoCorps Ltd. is a specialized firm headquartered in Albuquerque, New Mexico, with additional locations in Huntsville, Alabama, and Boston, Massachusetts. Established in 1998, the company primarily serves the Department of Defense (DoD) and the Department of Energy (DOE), along with other government agencies. RhinoCorps excels in modeling, simulation, and web application development, providing critical support to national security programs. Their services include simulation training, software development, and engineering support, making them a valuable partner for federal agencies.

Details of the Ransomware Attack

RhinoCorps Ltd. has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as BlackSuit. The attackers have issued a stern warning, criticizing RhinoCorps' management for neglecting the welfare of its partners and employees. BlackSuit claims that RhinoCorps dismissed concerns about the future of their data without proper investigation. As a result, the attackers have threatened to publicly release all compromised data within 48 hours.

The stolen data includes sensitive business information such as contracts, contacts, planning documents, and presentations. Additionally, employee data, including passports, contracts, contact details, family information, and medical records, has been compromised. Financial data, encompassing audits, reports, payments, and contracts, has also been taken. The attackers have further indicated that they possess a significant number of contract copies and other unspecified data extracted from various shared and personal folders.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023 and appears to be closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The ransom note includes a reference to a Tor chat site where victims can contact the operators.

Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting that BlackSuit is either a new variant developed by the same authors, a copycat using similar code, or an affiliate of the Royal ransomware gang. The emergence of BlackSuit indicates that the threat actors behind Royal may have inspired other cybercriminals to develop similar ransomware families.

Potential Vulnerabilities

RhinoCorps' focus on national security programs and their handling of sensitive data make them a prime target for ransomware groups like BlackSuit. The company's extensive involvement with federal agencies and critical infrastructure projects means that any data breach could have significant repercussions. The attack on RhinoCorps underscores the importance of robust cybersecurity measures, especially for firms operating in high-stakes environments.

<

Sources

ul>