BlackSuit: a hybrid approach with data exfiltration and encryption

Intel Name: BlackSuit: a hybrid approach with data exfiltration and encryption

Date of Scan: July 16, 2025

Impact: Medium

Summary:
This report examines a recent ransomware attack by the BlackSuit group, a successor to the Royal ransomware family. Known for its hybrid tactics, BlackSuit combines data exfiltration with encryption, using tools such as PsExec, Cobalt Strike, RDP, and rclone for command execution, lateral movement, and data exfiltration. The group re-emerged in 2024 with heightened sophistication, demanding ransoms between $1M–$10M in Bitcoin. Notably, the ransom amount is withheld from the initial ransom note, so victims must negotiate over Tor-based communication channels; this signals a shift in ransomware negotiation strategy and in the group's operational complexity.
