MorningStar Senior Living Hit by BlackSuit Ransomware Attack
Incident Date:
August 31, 2024
Overview
Title
MorningStar Senior Living Hit by BlackSuit Ransomware Attack
Victim
MorningStar Senior Living
Attacker
Black Suit
Location
First Reported
August 31, 2024
Ransomware Attack on MorningStar Senior Living by BlackSuit
MorningStar Senior Living, a prominent provider of senior living solutions in the United States, has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as BlackSuit. The attack has compromised critical directories and files within the company's network, affecting various departments including HR, management, finance, and IT.
About MorningStar Senior Living
Founded in 2003 by Ken Jaeger, MorningStar Senior Living operates over 40 communities across 11 states, offering services such as independent living, assisted living, memory care, and respite care. The company is headquartered in Denver, Colorado, and generates an estimated annual revenue of $52.7 million. MorningStar is known for its mission-driven approach, emphasizing values such as honoring God, valuing all seniors, and investing generously. The organization prides itself on creating warm, family-like environments for its residents.
Attack Overview
The ransomware attack was detected on July 16, with unauthorized access to multiple directories including "All Company," "HR Team," "Management," "Finance," and "Marketing Branding." The attack has also affected the company's website, morningstarseniorliving.com, and potentially disrupted their communication channels. Sensitive information and operational data have been exposed, prompting immediate steps to mitigate the damage and secure the network.
About BlackSuit Ransomware Group
BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victims to contact the operators. Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting that BlackSuit could be a new variant developed by the same authors or an affiliate of the Royal ransomware gang.
Vulnerabilities and Penetration
MorningStar Senior Living's extensive network and the sensitive nature of its data make it a prime target for ransomware attacks. The company's reliance on digital systems for managing resident care, financial transactions, and internal communications presents multiple entry points for cybercriminals. The exact method of penetration by BlackSuit remains unclear, but it likely involved exploiting vulnerabilities in the company's IT infrastructure, possibly through phishing attacks or unpatched software.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.