Herron Todd White Targeted by BlackSuit Ransomware Group

Incident Date:

April 27, 2024

World map



Herron Todd White Targeted by BlackSuit Ransomware Group


Herron Todd White (Australia) Pty Ltd


Black Suit


Sydney, Australia

, Australia

First Reported

April 27, 2024

Ransomware Attack on Herron Todd White by BlackSuit Group

Overview of Herron Todd White

Herron Todd White is a prominent independent property valuation and advisory group based in Australia. Founded in 1968, the company has grown to employ approximately 700 staff across various locations in Australia. As a leader in the property valuation sector, Herron Todd White provides comprehensive services including property valuations, advisory services, and quantity surveying. Their specialization in tax depreciation schedules and replacement cost estimate reports distinguishes them within the industry, offering significant financial benefits to clients.

The company's extensive network and commitment to unbiased valuations underpin its reputation as a trusted advisor in the property sector. Herron Todd White's financial performance and strategic operations are supported by detailed financial documentation and a robust corporate structure, making it a key player in its field.

Details of the Cyber Attack

BlackSuit, the ransomware group, which surfaced in 2023 and shows strong affiliations with the notorious Royal ransomware group, has claimed responsibility for an attack on Herron Todd White. The attack was announced on BlackSuit's dark web leak site, where they disclosed having encrypted valuable data belonging to Herron Todd White and provided a ransom note.

The ransomware specifically targets systems including Windows and Linux, and is capable of crippling VMware ESXi servers, which are critical for virtual infrastructure management. In this attack, files were encrypted with a .blacksuit extension, and a ransom note titled README.BlackSuit.txt was dropped in affected directories, directing victims to a Tor chat site for negotiations.

Implications for Herron Todd White

The data compromised in the attack reportedly includes 279 GB of documents and a 20 GB SQL database containing customer and transaction information. This breach not only threatens the privacy and security of Herron Todd White's clients but also poses significant operational and reputational risks to the company. The exposure of sensitive valuation data and client information could have long-lasting effects on the firm's market position and client trust.

Vulnerabilities and Industry Impact

As a leading entity in the property valuation sector, Herron Todd White's extensive data collection and storage of sensitive financial and personal information make it an attractive target for cybercriminals. The reliance on digital platforms for managing large volumes of data can create potential security vulnerabilities, particularly if not adequately protected. This incident highlights the critical need for robust cybersecurity measures in the property valuation industry, where the confidentiality and integrity of client data are paramount.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.