Ransomware Attack on MorningStar Senior Living by BlackSuit

MorningStar Senior Living, a prominent provider of senior living solutions in the United States, has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as BlackSuit. The attack has compromised critical directories and files within the company's network, affecting various departments including HR, management, finance, and IT.

About MorningStar Senior Living

Founded in 2003 by Ken Jaeger, MorningStar Senior Living operates over 40 communities across 11 states, offering services such as independent living, assisted living, memory care, and respite care. The company is headquartered in Denver, Colorado, and generates an estimated annual revenue of $52.7 million. MorningStar is known for its mission-driven approach, emphasizing values such as honoring God, valuing all seniors, and investing generously. The organization prides itself on creating warm, family-like environments for its residents.

Attack Overview

The ransomware attack was detected on July 16, with unauthorized access to multiple directories including "All Company," "HR Team," "Management," "Finance," and "Marketing Branding." The attack has also affected the company's website, morningstarseniorliving.com, and potentially disrupted their communication channels. Sensitive information and operational data have been exposed, prompting immediate steps to mitigate the damage and secure the network.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victims to contact the operators. Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting that BlackSuit could be a new variant developed by the same authors or an affiliate of the Royal ransomware gang.

Vulnerabilities and Penetration

MorningStar Senior Living's extensive network and the sensitive nature of its data make it a prime target for ransomware attacks. The company's reliance on digital systems for managing resident care, financial transactions, and internal communications presents multiple entry points for cybercriminals. The exact method of penetration by BlackSuit remains unclear, but it likely involved exploiting vulnerabilities in the company's IT infrastructure, possibly through phishing attacks or unpatched software.

• MorningStar Senior Living
• Security Affairs
• Bleeping Computer