Forrec S.P.A. Hit by BlackSuit Ransomware, Data Compromised

Incident Date:

August 13, 2024

World map

Overview

Title

Forrec S.P.A. Hit by BlackSuit Ransomware, Data Compromised

Victim

Forrec S.P.A.

Attacker

Black Suit

Location

Santa Giustina in Colle, Italy

, Italy

First Reported

August 13, 2024

Forrec S.P.A. Targeted by BlackSuit Ransomware Group

Forrec S.P.A., an Italian company specializing in the design and manufacture of advanced machinery for waste treatment and recycling, has fallen victim to a ransomware attack by the BlackSuit group. The attackers have claimed responsibility for the breach on their dark web leak site, asserting that they have released the company's data.

About Forrec S.P.A.

Established in 2007, Forrec S.P.A. has rapidly grown to become a significant player in the waste management sector. The company is headquartered in Santa Giustina in Colle, Italy, and employs over 90 individuals at its main facility, with an additional 50 employees at its Serbian branch. Forrec's operations span four main segments: research, design, construction of shredders and grinders, and the provision of tailored technological solutions for various types of solid waste. Their innovative approach and commitment to quality have earned them a strong international presence, with sales offices and partnerships across Brazil, North America, and several European nations.

Attack Overview

The BlackSuit ransomware group has claimed responsibility for the attack on Forrec S.P.A., stating that they have exfiltrated and released sensitive company data. The attack was publicized on the group's dark web leak site, a common tactic used by ransomware operators to pressure victims into paying the ransom. The exact details of the data compromised and the ransom demanded have not been disclosed.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023, closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victims to contact the operators. Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting that BlackSuit may be a new variant developed by the same authors or an affiliate of the Royal ransomware gang.

Potential Vulnerabilities

Forrec S.P.A.'s extensive international operations and reliance on advanced technological solutions for waste management may have made them an attractive target for ransomware groups like BlackSuit. The company's significant digital footprint and the critical nature of its services could have provided multiple entry points for the attackers. Additionally, the interconnected nature of their operations across various countries might have exposed them to vulnerabilities in their cybersecurity defenses.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.