Ransomware Attack on Reward Hospitality by Blacksuit Group Exposes 385GB of Data

Incident Date:

July 20, 2024

World map

Overview

Title

Ransomware Attack on Reward Hospitality by Blacksuit Group Exposes 385GB of Data

Victim

Reward Hospitality

Attacker

Black Suit

Location

Yatala, Australia

, Australia

First Reported

July 20, 2024

Ransomware Attack on Reward Hospitality by Blacksuit Group

Overview of Reward Hospitality

Reward Hospitality is a leading distributor of hospitality supplies and commercial catering equipment in the Asia Pacific region, particularly in Australia, New Zealand, and the Pacific Islands. The company operates 26 locations across Australia and employs approximately 1,350 staff members. Reward Hospitality specializes in providing a diverse range of products and services tailored to meet the specific needs of various sectors within the hospitality industry, including commercial kitchen design, equipment supply, tableware, disposables, and catering supplies.

Details of the Ransomware Attack

Reward Hospitality has fallen victim to a ransomware attack orchestrated by the Blacksuit group. The attack has resulted in the leakage of approximately 385 GB of sensitive data. The compromised information spans various critical areas such as finance, human resources, customer details, and working documentation. Specifically, the leaked data includes financial records, HR records, customer information, and working documentation related to various operational aspects.

About the Blacksuit Ransomware Group

Blacksuit is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is known for its targeted attacks on organizations in the US, Japan, Canada, the United Kingdom, Australia, and New Zealand. Blacksuit employs a double extortion tactic, encrypting their victim’s critical data and threatening to publish sensitive data on their public leak site if the ransom is not paid. The group uses sophisticated methods to gain initial access, including spear-phishing campaigns, insider information, and buying network access.

Impact on Reward Hospitality

The ransomware attack has significantly impacted Reward Hospitality's operations and data security, posing serious risks to their financial stability, employee privacy, and customer trust. The exposure of sensitive financial records, HR data, and customer information could lead to severe financial and reputational damage for the company. The attack highlights the vulnerabilities that even well-established companies face in the ever-evolving landscape of cyber threats.

Potential Penetration Methods

Blacksuit could have penetrated Reward Hospitality's systems through various methods, including spear-phishing campaigns targeting employees, exploiting vulnerabilities in the company's network infrastructure, or using insider information to gain access. Once inside, the group likely used tools like QakBot, Mimikatz, and Cobalt Strike Beacons to move laterally and harvest credentials, ultimately exfiltrating and encrypting sensitive data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.