Ransomware Attack on Reward Hospitality by Blacksuit Group Exposes 385GB of Data
Incident Date: July 20, 2024
Overview
Title: Ransomware Attack on Reward Hospitality by Blacksuit Group Exposes 385GB of Data
Victim: Reward Hospitality
Attacker: Black Suit
Location:
First Reported: July 20, 2024
Ransomware Attack on Reward Hospitality by Blacksuit Group
Overview of Reward Hospitality
Reward Hospitality is a leading distributor of hospitality supplies and commercial catering equipment in the Asia Pacific region, particularly in Australia, New Zealand, and the Pacific Islands. The company operates 26 locations across Australia and employs approximately 1,350 staff members. Reward Hospitality specializes in providing a diverse range of products and services tailored to meet the specific needs of various sectors within the hospitality industry, including commercial kitchen design, equipment supply, tableware, disposables, and catering supplies.
Details of the Ransomware Attack
Reward Hospitality has fallen victim to a ransomware attack orchestrated by the Blacksuit group. The attack has resulted in the leakage of approximately 385 GB of sensitive data, including financial records, HR records, customer information, and working documentation related to various operational aspects.
About the Blacksuit Ransomware Group
Blacksuit is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is known for its targeted attacks on organizations in the US, Japan, Canada, the United Kingdom, Australia, and New Zealand. Blacksuit employs a double extortion tactic: it encrypts victims' critical data and threatens to publish sensitive data on its public leak site if the ransom is not paid. The group uses sophisticated methods to gain initial access, including spear-phishing campaigns, insider information, and buying network access.
Impact on Reward Hospitality
The ransomware attack has significantly impacted Reward Hospitality's operations and data security, posing serious risks to its financial stability, employee privacy, and customer trust. The exposure of sensitive financial records, HR data, and customer information could lead to severe financial and reputational damage for the company. The attack highlights the vulnerabilities that even well-established companies face in the ever-evolving landscape of cyber threats.
Potential Penetration Methods
Blacksuit could have penetrated Reward Hospitality's systems through various methods, including spear-phishing campaigns targeting employees, exploiting vulnerabilities in the company's network infrastructure, or using insider information to gain access. Once inside, the group likely used tools like QakBot, Mimikatz, and Cobalt Strike Beacons to move laterally and harvest credentials, ultimately exfiltrating and encrypting sensitive data.