Ransomware Hits Bettis Asphalt: BlackSuit Group Claims Attack

Incident Date: August 3, 2024

Overview

Victim: Bettis Asphalt & Construction, Inc.

Attacker: BlackSuit

Location: Topeka, Kansas, USA

First Reported: August 3, 2024

Ransomware Attack on Bettis Asphalt & Construction, Inc.

Bettis Asphalt & Construction, Inc., a family-owned company based in Topeka, Kansas, has recently fallen victim to a ransomware attack by the BlackSuit group. Established in 1979, Bettis Asphalt & Construction specializes in hot mix asphalt paving and maintenance, concrete pavement construction, and bridge repair. The company is part of the larger Bettis Companies, which includes various other construction and materials businesses.

Company Overview

Bettis Asphalt & Construction employs approximately 31 people and reported a revenue of $19.3 million. The company is known for its commitment to quality, safety, and customer satisfaction. It uses advanced technologies such as Trimble GPS and Robotic Total Station Technology to enhance the accuracy and efficiency of its projects. Its services extend across Kansas, Oklahoma, and the broader Midwest region, covering a wide range of projects, including highways, streets, airports, and large industrial parks.

Details of the Attack

The BlackSuit ransomware group has claimed responsibility for the attack on Bettis Asphalt & Construction via their dark web leak site. The cybercriminals allege that they have gained access to sensitive data, potentially compromising the company's operations and client information. The attack has raised concerns about the vulnerabilities in the company's cybersecurity measures, particularly given their reliance on advanced technologies for project execution.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. It appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication. Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting that BlackSuit could be a new variant developed by the same authors or an affiliate of the Royal ransomware gang.
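
The two file-system indicators named above (the .blacksuit extension and the README.BlackSuit.txt note) are enough to scope affected directories during triage. The following Python sketch is an added example, not code from the original report; the function names and the sample tree are constructed for illustration, and matching is done case-insensitively as an assumption to cover Windows file systems.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".blacksuit"      # extension named in the report
NOTE_NAME = "readme.blacksuit.txt"   # ransom note name from the report, lowercased


def scan_tree(root):
    """Walk root and return ({directory: {"note": bool, "encrypted": [names]}},
    [unreadable directories]) for every directory holding either indicator."""
    findings = {}
    unreadable = []
    # onerror records directories that could not be listed instead of hiding them
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda err: unreadable.append(err.filename)):
        note = False
        encrypted = []
        for name in files:
            lowered = name.lower()   # assumption: compare case-insensitively
            if lowered == NOTE_NAME:
                note = True
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(name)
        if note or encrypted:
            findings[dirpath] = {"note": note, "encrypted": sorted(encrypted)}
    return findings, unreadable


def build_sample_tree(base):
    """Constructed sample data: empty files with indicator names only."""
    base = Path(base)
    (base / "clean").mkdir()
    (base / "clean" / "report.docx").touch()
    (base / "projects" / "bids").mkdir(parents=True)
    (base / "projects" / "bids" / "estimate.xlsx.blacksuit").touch()
    (base / "projects" / "bids" / "plan.dwg.BLACKSUIT").touch()
    (base / "projects" / "bids" / "README.BlackSuit.txt").touch()
    (base / "projects" / "readme.blacksuit.txt").touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hits, skipped = scan_tree(build_sample_tree(tmp))
        for directory, info in sorted(hits.items()):
            state = "note" if info["note"] else "no-note"
            print(directory, state, len(info["encrypted"]), "encrypted")
        print("unreadable directories:", skipped)
```

A directory that holds the note but no encrypted files, or the reverse, is worth a closer look because it may mark where encryption was interrupted.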
