Ransomware Attack on Young Consulting Inc. by BlackSuit Group
Incident Date:
May 7, 2024
Overview
Title
Ransomware Attack on Young Consulting Inc. by BlackSuit Group
Victim
Young Consulting Inc.
Attacker
Black Suit
Location
First Reported
May 7, 2024
Ransomware Attack on Young Consulting Inc. by BlackSuit Group
Victim Profile
Youth Consulting Inc., a market leader in providing software solutions to the employer stop loss marketplace, focuses on developing integrated software solutions for marketing, underwriting, and administering medical stop loss insurance for Carriers, Brokers, and Third Party Administrators. The company is relatively small with 1 to 50 employees and generates revenue in the range of $1 to $5 million USD.
Vulnerabilities
The company's specialization in providing software solutions for the insurance sector makes them a prime target for threat actors like the BlackSuit ransomware group. Their access to sensitive information such as contracts, contacts, financial records, and employee data makes them vulnerable to cyber attacks seeking to exploit and monetize this data.
Ransomware Group Profile
BlackSuit is a new ransomware family closely related to the notorious Royal ransomware group. It targets both Windows and Linux systems, including critical VMware ESXi servers. The ransomware appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. BlackSuit has significant similarities to Royal ransomware, indicating a potential connection between the two groups.
Attack Details
The cybercrime attack on Young Consulting by BlackSuit resulted in the compromise of sensitive information including contracts, contacts, planning, presentations, employee data (passports, contracts, contacts, family details, medical examinations), and financial records (audits, reports, payments, contracts). The ransom demand amount remains undisclosed.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.