BlackSuit Ransomware Hits Peregrine Petroleum, Steals 202GB of Sensitive Data

Incident Date: Jun 15, 2024

Attack Overview
Victim: Peregrine Petroleum
Industry: Energy, Utilities & Waste
Location: USA
Attacker: BlackSuit
First Reported: June 15, 2024

Ransomware Attack on Peregrine Petroleum by BlackSuit

Overview of Peregrine Petroleum

Peregrine Petroleum, headquartered in Dallas, Texas, is a prominent player in the oil and gas industry. The company specializes in the exploration, development, and production of hydrocarbon resources, focusing on projects in the Gulf of Mexico and onshore areas. With approximately 25 employees and generating around $17 million in revenue, Peregrine Petroleum stands out due to its advanced use of seismic technology and re-processing for prospecting and acquiring equity in prospective projects.

Details of the Ransomware Attack

The ransomware group BlackSuit has claimed responsibility for a significant cyberattack on Peregrine Petroleum. The breach resulted in the theft of 202 gigabytes of data, including 178 gigabytes from various operational directories and 24 gigabytes from a private SQL database. The compromised data was stored across multiple directories on their internal network, specifically organized under administrative, financial, HR, and shared company resources. Sensitive folders such as Acquisitions, Budget-Planning, Accounting Records, and Employee Files were also affected.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023, closely related to the notorious Royal ransomware group. It targets both Windows and Linux systems, including VMware ESXi servers. The ransomware appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt in each affected directory. The note includes a reference to a Tor chat site for victim communication. Researchers have found a high degree of similarity between BlackSuit and Royal ransomware, suggesting a possible connection or shared origin.
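The two file artifacts named above (the .blacksuit extension and the README.BlackSuit.txt note) are enough to scope impact on a file share during triage. The following sweep is an added example, not code from the original page or from any vendor; the function names and the summary fields are assumptions made for illustration.

```python
import os
import sys
from collections import defaultdict

# Indicators exactly as named on this page.
ENCRYPTED_EXT = ".blacksuit"
NOTE_NAME = "README.BlackSuit.txt"


def sweep(root):
    """Map each directory under root that holds a ransom note or an
    encrypted file to {"note": bool, "encrypted": [file names]}."""
    hits = defaultdict(lambda: {"note": False, "encrypted": []})
    unreadable = []
    # onerror collects directories we could not list, so gaps in coverage
    # are visible instead of silently skipped; symlinks are not followed.
    walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
    for dirpath, _dirs, files in walker:
        for name in files:
            lowered = name.lower()  # NTFS and SMB shares are case-insensitive
            if lowered == NOTE_NAME.lower():
                hits[dirpath]["note"] = True
            elif lowered.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits), unreadable


def summarize(hits):
    """Counts an incident responder needs to scope the damage."""
    return {
        "affected_dirs": len(hits),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        # Encrypted files without a note: worth a manual look.
        "dirs_missing_note": sorted(
            d for d, h in hits.items() if h["encrypted"] and not h["note"]),
    }


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found, skipped = sweep(root)
    print(summarize(found))
    for path in skipped:
        print("could not read:", path)
```

Run it against a mounted share or a forensic image mount point, passing the path as the first argument; the list of unreadable directories shows where the sweep has no coverage.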

Penetration and Vulnerabilities

Peregrine Petroleum's detailed online exposure through its website and LinkedIn profile made it particularly vulnerable to cyberattacks. The ransomware group likely exploited this exposure to penetrate the company's systems. The attack underscores the importance of robust cybersecurity measures, especially for companies in critical sectors like oil and gas.
