Ransomware Attack on Young Consulting Inc. by BlackSuit Group

Incident Date: May 7, 2024

Overview

Title: Ransomware Attack on Young Consulting Inc. by BlackSuit Group

Victim: Young Consulting Inc.

Attacker: BlackSuit

Location: Marietta, Georgia, USA

First Reported: May 7, 2024

Victim Profile

Young Consulting Inc., a market leader in providing software solutions to the employer stop loss marketplace, focuses on developing integrated software solutions for marketing, underwriting, and administering medical stop loss insurance for Carriers, Brokers, and Third Party Administrators. The company is relatively small, with 1 to 50 employees, and generates revenue in the range of $1 to $5 million USD.

Vulnerabilities

The company's specialization in providing software solutions for the insurance sector makes it a prime target for threat actors like the BlackSuit ransomware group. Its access to sensitive information such as contracts, contacts, financial records, and employee data makes it vulnerable to cyber attacks seeking to exploit and monetize this data.

Ransomware Group Profile

BlackSuit is a new ransomware family closely related to the notorious Royal ransomware group. It targets both Windows and Linux systems, including critical VMware ESXi servers. The ransomware appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. BlackSuit has significant similarities to Royal ransomware, indicating a potential connection between the two groups.
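
The two file-system artifacts named above are enough for a first triage pass over a suspect file share. The following Python script is an added example, not code from this page or from any vendor; the function names, the constructed sample tree and the use of the note's modification time as a rough timeline hint are assumptions.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".blacksuit"        # extension named on this page
RANSOM_NOTE = "readme.blacksuit.txt"   # note name from this page, lower-cased


def triage(root):
    """Summarise every directory under root that shows either indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        lower = [f.lower() for f in files]
        encrypted = sum(f.endswith(ENCRYPTED_SUFFIX) for f in lower)
        notes = [f for f in files if f.lower() == RANSOM_NOTE]
        if not encrypted and not notes:
            continue
        mtimes = [os.path.getmtime(os.path.join(dirpath, n)) for n in notes]
        findings[os.path.relpath(dirpath, root)] = {
            "encrypted": encrypted,
            # Files still readable here: candidates for immediate backup.
            "untouched": len(files) - encrypted - len(notes),
            "note_mtime": min(mtimes) if mtimes else None,
        }
    return findings


def earliest_note(findings):
    """Oldest note mtime: a rough (forgeable) hint of when encryption began."""
    times = [f["note_mtime"] for f in findings.values() if f["note_mtime"]]
    return min(times) if times else None


def build_sample(root):
    """Constructed directory tree for the demo; not data from the incident."""
    layout = {
        "finance": ["audit.xlsx.blacksuit", "payments.csv.blacksuit", "README.BlackSuit.txt"],
        "hr": ["contract.pdf.blacksuit", "handbook.pdf", "README.BlackSuit.txt"],
        "public": ["index.html"],
    }
    for i, (sub, names) in enumerate(layout.items()):
        os.makedirs(os.path.join(root, sub))
        for name in names:
            path = os.path.join(root, sub, name)
            open(path, "w").close()
            os.utime(path, (1_700_000_000 + i * 60,) * 2)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp), earliest_note(triage(tmp)))
```

Directories that report a non-zero `untouched` count were only partly encrypted and are worth preserving first.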

Attack Details

The BlackSuit attack on Young Consulting resulted in the compromise of sensitive information including contracts, contacts, planning, presentations, employee data (passports, contracts, contacts, family details, medical examinations), and financial records (audits, reports, payments, contracts). The ransom demand amount remains undisclosed.
