BlackSuit Ransomware Hits Academy of Model Aeronautics

Incident Date: Aug 27, 2024

Attack Overview
Victim: Academy of Model Aeronautics
Industry: Organizations
Location: USA
Attacker: BlackSuit
First reported: August 27, 2024

BlackSuit Ransomware Group Targets Academy of Model Aeronautics

The Academy of Model Aeronautics (AMA), a prominent non-profit organization based in Muncie, Indiana, has recently fallen victim to a ransomware attack orchestrated by the BlackSuit ransomware group. This incident highlights the increasing threat of ransomware attacks across various sectors, including organizations dedicated to niche hobbies and recreational activities.

About the Academy of Model Aeronautics

Founded in 1936, the AMA is the world's largest sport aviation organization, representing approximately 200,000 members across 2,400 clubs in the United States and Puerto Rico. The organization is dedicated to promoting model aviation as both a sport and a recreational activity. It offers a range of services, including insurance coverage for model aircraft operators, educational initiatives through the AMA Flight School, and advocacy with regulatory bodies like the Federal Aviation Administration (FAA).

The AMA's headquarters is located at 5161 E Memorial Dr, Muncie, Indiana, and it employs around 32 people. The organization generates an estimated revenue of approximately $5.5 million, which supports its various programs, including competitions, educational initiatives, and STEM outreach programs.

Details of the Ransomware Attack

The BlackSuit ransomware group has claimed responsibility for the attack on the AMA via their dark web leak site. The cybercriminals assert that they have successfully infiltrated the organization's systems and accessed sensitive data. The attack involved encrypting files and appending the .blacksuit extension to them. A ransom note named README.BlackSuit.txt accompanies the encrypted files and directs victims to a Tor chat site for further communication.
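The two artifacts named above (the .blacksuit extension and the README.BlackSuit.txt note) can be hunted for in file-activity telemetry. The following is an added example, not code from the original article or from any vendor: it assumes a tab-separated event layout (time, host, operation, path), and the hostnames, paths, and burst threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

ENCRYPTED_SUFFIX = ".blacksuit"       # extension named in the article
RANSOM_NOTE = "readme.blacksuit.txt"  # note name from the article, lowercased

# Constructed sample events (tab-separated: time, host, operation, path).
# The layout is an assumption, not the export format of any real product.
SAMPLE_EVENTS = [
    "2024-08-27T03:14:01\tFS01\trename\tD:\\Shares\\Finance\\budget.xlsx.blacksuit",
    "2024-08-27T03:14:02\tFS01\trename\tD:\\Shares\\Finance\\payroll.csv.blacksuit",
    "2024-08-27T03:14:02\tFS01\tcreate\tD:\\Shares\\Finance\\README.BlackSuit.txt",
    "2024-08-27T03:14:03\tFS01\trename\tD:\\Shares\\HR\\roster.docx.blacksuit",
    "2024-08-27T03:20:00\tWS07\tcreate\tC:\\Users\\kim\\notes\\blacksuit-article.txt",
    "2024-08-27T04:00:00\tESX02\trename\t/vmfs/volumes/ds1/vm1/vm1.vmdk.blacksuit",
    "malformed line without tabs",
]

def basename(path):
    """Lowercased final path component for Windows or POSIX style paths."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def triage(lines, burst=3, window=timedelta(seconds=60)):
    """Per host: encrypted-file count, ransom notes, first sighting, burst flag."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4:
            continue  # skip records that do not match the assumed layout
        stamp, host, _op, path = parts
        name = basename(path)
        if name == RANSOM_NOTE:
            hits[host]["notes"].append((datetime.fromisoformat(stamp), path))
        elif name.endswith(ENCRYPTED_SUFFIX):
            hits[host]["encrypted"].append((datetime.fromisoformat(stamp), path))
    report = {}
    for host, found in hits.items():
        times = sorted(t for t, _ in found["encrypted"])
        # Burst: any `burst` consecutive encrypted-file events inside `window`.
        bursty = any(times[i + burst - 1] - times[i] <= window
                     for i in range(len(times) - burst + 1))
        seen = times + [t for t, _ in found["notes"]]
        report[host] = {"encrypted": len(times), "notes": len(found["notes"]),
                        "first_seen": min(seen), "burst": bursty}
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

A host with a burst flag and a ransom note is the strongest signal for isolation; a single matching file with no note still warrants a look, since the page notes that ESXi servers are also targeted.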

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. The ransomware targets both Windows and Linux systems, including VMware ESXi servers. Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting that BlackSuit may be a new variant developed by the same authors, a copycat, or an affiliate of the Royal ransomware gang.

Potential Vulnerabilities and Penetration

The AMA, like many organizations, may have vulnerabilities that can be exploited by sophisticated ransomware groups. These vulnerabilities could include outdated software, insufficient cybersecurity measures, or lack of employee training on phishing and other cyber threats. The exact method of penetration in this case remains unclear, but common tactics include phishing emails, exploiting unpatched software vulnerabilities, and leveraging weak or compromised credentials.

This attack on the AMA underscores the critical need for enhanced cybersecurity measures, even for organizations that may not traditionally be seen as high-value targets. The increasing sophistication of ransomware groups like BlackSuit highlights the importance of vigilance and proactive defense strategies in the ever-evolving landscape of cyber threats.
