Frank Miller Lumber Hit by BlackSuit Ransomware

Incident Date:

May 9, 2024

World map



Frank Miller Lumber Hit by BlackSuit Ransomware


Frank Miller Lumber


Black Suit


Union City, USA

Indiana, USA

First Reported

May 9, 2024

Ransomware Attack on Frank Miller Lumber by BlackSuit

Victim Profile

Frank Miller Lumber, a family-run business based in Union City, Indiana, specializes in the manufacture of quartersawn hardwood lumber, focusing on white and red oak, cherry, and hard maple. With over a century of operation, the company employs approximately 200 hardwood specialists at its original mill location.

Company Standout

Frank Miller Lumber stands out in the industry for its commitment to product excellence, integrity, and community service. It is one of the world's largest quartersawn hardwood lumber producers, known for its strategic location in Indiana that allows for efficient global shipping of its products.


The company was targeted in a cybercrime attack by the entity known as "Black Suit." The attack involved the use of ransomware, a malicious software that encrypts files and demands payment for their release. This attack likely impacted the company's website leading to disruptions in their online operations and potentially putting sensitive information at risk.The company's reliance on digital systems for operations and communication could have made it susceptible to cyber attacks.

Ransomware Group BlackSuit

BlackSuit is a ransomware group that emerged in 2023, closely related to the notorious Royal ransomware group. The attack on Frank Miller Lumber involved encrypting files and demanding payment for their release. BlackSuit targets both Windows and Linux systems, including critical VMware ESXi servers, posing a significant threat to organizations like Frank Miller Lumber.


Frank Miller Lumber Website

Security Affairs - BlackSuit Ransomware Attack

Bleeping Computer - Ransomware Attack Trends

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.