Ransomware Attack on Young Consulting Inc. by BlackSuit Group

Victim Profile

Youth Consulting Inc., a market leader in providing software solutions to the employer stop loss marketplace, focuses on developing integrated software solutions for marketing, underwriting, and administering medical stop loss insurance for Carriers, Brokers, and Third Party Administrators. The company is relatively small with 1 to 50 employees and generates revenue in the range of $1 to $5 million USD.

Vulnerabilities

The company's specialization in providing software solutions for the insurance sector makes them a prime target for threat actors like the BlackSuit ransomware group. Their access to sensitive information such as contracts, contacts, financial records, and employee data makes them vulnerable to cyber attacks seeking to exploit and monetize this data.

Ransomware Group Profile

BlackSuit is a new ransomware family closely related to the notorious Royal ransomware group. It targets both Windows and Linux systems, including critical VMware ESXi servers. The ransomware appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. BlackSuit has significant similarities to Royal ransomware, indicating a potential connection between the two groups.

Attack Details

The cybercrime attack on Young Consulting by BlackSuit resulted in the compromise of sensitive information including contracts, contacts, planning, presentations, employee data (passports, contracts, contacts, family details, medical examinations), and financial records (audits, reports, payments, contracts). The ransom demand amount remains undisclosed.

Sources:

• Young Consulting Inc. Website
• Security Affairs - BlackSuit Ransomware
• Bleeping Computer - Ransomware Attack