Ransomware Attack Hits Aiken Housing Authority by BlackSuit Group
Incident Date:
August 3, 2024
Overview
Title
Ransomware Attack Hits Aiken Housing Authority by BlackSuit Group
Victim
Aiken Housing Authority
Attacker
Black Suit
Location
First Reported
August 3, 2024
Ransomware Attack on Aiken Housing Authority by BlackSuit Group
The Aiken Housing Authority (AHA), a pivotal organization in Aiken County, South Carolina, has recently fallen victim to a ransomware attack orchestrated by the BlackSuit group. The attack, discovered on August 5, has raised significant concerns about the security of sensitive information managed by the organization.
About Aiken Housing Authority
The Aiken Housing Authority is dedicated to providing and managing housing opportunities for residents of Aiken County. The organization focuses on offering quality, stable, and sustainable housing solutions in a non-discriminatory manner. AHA manages several housing facilities, including Hahn Village, Bradby Homes, Stoney Gallman Townhomes, and Villa Oaks. Additionally, AHA is involved in various community programs, such as the U.S. Department of Labor’s Workforce Investment Act (WIA) program and the U.S. Department of Agriculture’s Summer Food Service program.
As a public entity subsidized by the U.S. Department of Housing and Urban Development (HUD), AHA is subject to the South Carolina Freedom of Information Act. This makes it a potential target for cybercriminals due to the sensitive nature of the data it handles, including personal information of applicants and residents.
Attack Overview
The ransomware attack on AHA was executed by the BlackSuit group, a new ransomware family that emerged in 2023. The attack has compromised the organization's systems, although the exact size of the data leak remains unknown. The BlackSuit ransomware targets both Windows and Linux systems, including VMware ESXi servers, and appends the .blacksuit extension to encrypted files. A ransom note named README.BlackSuit.txt is dropped in each affected directory, directing victims to a Tor chat site for further communication.
About BlackSuit Ransomware Group
BlackSuit is closely related to the notorious Royal ransomware group, with significant similarities in code and functionality. Researchers have found a 98% similarity in functions and 99.5% similarity in code blocks between BlackSuit and Royal ransomware. This suggests that BlackSuit could be a new variant developed by the same authors, a copycat using similar code, or an affiliate of the Royal ransomware gang. The group targets both Windows and Linux systems, making it a versatile and significant threat.
Potential Vulnerabilities
The Aiken Housing Authority's role as a public entity managing sensitive personal information makes it a prime target for ransomware attacks. The organization's compliance with the South Carolina Freedom of Information Act means it holds a wealth of data that could be exploited by cybercriminals.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.