BlackSuit attacks Precision Pulley and Idler Company

Incident Date: Apr 18, 2024

Attack Overview

Victim: Precision Pulley and Idler Company
Industry: Manufacturing
Location: USA
Attacker: BlackSuit
First reported: April 18, 2024

BlackSuit Ransomware Gang Targets Precision Pulley & Idler

Overview

The BlackSuit ransomware gang has attacked Precision Pulley & Idler, although no further information has been disclosed. Precision Pulley & Idler is the industry leader in conveying components, with over a million square feet of manufacturing space and 25 global facilities. It aims to provide quality products at a competitive price with unbeatable customer service. It services a diverse group of industries, including aggregate, mining, forestry, grain, unit handling, and food processing.

Background

BlackSuit is a recently emerged ransomware group and strain that bears a striking resemblance to the Royal ransomware gang, the successor of the infamous Russian-linked Conti operation. Previous reports have been made on the Windows and Linux variants of Royal. Similar to Royal, BlackSuit is known for targeting both Windows and Linux systems. The YARA rules for the Linux variant of BlackSuit also match samples of the Royal Linux variant. It has been stated that Royal and BlackSuit share 98% similarity in function, 99.5% similarity in blocks, and 98.9% similarity in jumps based on the BinDiff comparison tool.

Technical Details

Although BlackSuit uses command line arguments that function similarly to those used by Royal, the strings used for the arguments differ. Moreover, BlackSuit accepts extra arguments that are not present in Royal ransomware. For the 32-bit Windows variants of the BlackSuit and Royal families, researchers noted 93.2% similarity in functions, 99.3% similarity in basic blocks, and 98.4% similarity in jumps based on BinDiff. While the BlackSuit and Royal Windows variants use different argument strings, the purposes of these arguments are similar. Both BlackSuit and Royal use OpenSSL's AES for encryption and apply comparable intermittent encryption techniques (encrypting only portions of each file rather than its full contents) for fast and efficient encryption of victim files.

Ransom Note

Once the files are encrypted on a victim machine, BlackSuit appends the .blacksuit extension to encrypted files and presents its ransom note. The ransom note contains the ransomware's TOR chat site and a unique ID for each affected victim. BlackSuit threat actors employ a leaks site and a double extortion model, demanding ransom for unlocking files and not leaking stolen information.
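The intermittent encryption described under Technical Details and the .blacksuit extension described above both matter for detection: a whole-file entropy check can miss a file whose encrypted regions are interleaved with untouched plaintext, whereas per-chunk entropy exposes the alternating pattern. The following is an added illustration written for this page, not code from Halcyon or from the ransomware; the chunk size, entropy thresholds and the sample file are constructed assumptions, not values taken from BlackSuit samples.

```python
import math
import random
from collections import Counter
from pathlib import PurePath


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte: near 0 for constant data, near 8.0 for well-encrypted bytes."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def chunk_entropies(data: bytes, chunk_size: int) -> list:
    """Entropy of each fixed-size slice of the file, in order."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]


def looks_intermittently_encrypted(data: bytes, chunk_size: int = 1024,
                                   high: float = 7.5, low: float = 6.0) -> bool:
    """Flag a file that mixes ciphertext-like and plaintext-like chunks.
    Thresholds are assumed values; tune them against your own file corpus."""
    ents = chunk_entropies(data, chunk_size)
    high_chunks = sum(e >= high for e in ents)
    low_chunks = sum(e <= low for e in ents)
    return high_chunks >= 2 and low_chunks >= 2


def has_blacksuit_extension(name: str) -> bool:
    """The extension BlackSuit appends to encrypted files, per the report above."""
    return PurePath(name).suffix.lower() == ".blacksuit"


def build_sample(chunk_size: int = 1024, chunks: int = 8, seed: int = 7) -> bytes:
    """Constructed sample: plaintext with every other chunk replaced by random bytes,
    mimicking the interleaved layout that intermittent encryption produces."""
    rng = random.Random(seed)
    text = (b"conveyor idler spec sheet, part no. 4421; " * 64)[:chunk_size]
    out = bytearray()
    for i in range(chunks):
        if i % 2 == 1:
            out += bytes(rng.getrandbits(8) for _ in range(chunk_size))
        else:
            out += text
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample()
    print("whole-file entropy:", round(shannon_entropy(sample), 2))
    print("per-chunk:", [round(e, 2) for e in chunk_entropies(sample, 1024)])
    print("intermittent pattern detected:", looks_intermittently_encrypted(sample))
```

On the constructed sample the whole-file entropy stays below the ciphertext threshold while the per-chunk view alternates between roughly 4 and 7.8 bits per byte, which is the signal a file-level heuristic would average away.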
