BlackSuit Ransomware Hits Pueblo of Pojoaque: Key Details & Impact

Incident Date: Jul 25, 2024

Attack Overview
VICTIM
Pueblo of Pojoaque
INDUSTRY
Hospitality
LOCATION
USA
ATTACKER
Black Suit
FIRST REPORTED
July 25, 2024

Ransomware Attack on Pueblo of Pojoaque by BlackSuit

Overview of the Pueblo of Pojoaque

The Pueblo of Pojoaque, located in northern New Mexico, is a federally recognized Native American tribe known for its rich cultural heritage and economic initiatives. The tribe operates several enterprises, including the Buffalo Thunder Resort and Casino, which significantly contribute to the local and tribal economies. With a tribal enrollment of approximately 482 members and a reservation size of 11,963 acres, the Pueblo is a key player in the region's hospitality sector.

Details of the Ransomware Attack

The ransomware group BlackSuit has claimed responsibility for a cyberattack on the Pueblo of Pojoaque. The attackers have criticized the Pueblo's management for alleged negligence, stating that multiple warnings were ignored. BlackSuit has emphasized that the leadership's inaction demonstrates a prioritization of financial interests over data security. The group has threatened severe consequences if the compromised information is published.

About BlackSuit Ransomware Group

BlackSuit is a new ransomware family that emerged in 2023 and is closely related to the notorious Royal ransomware group. It targets both Windows and Linux systems, including VMware ESXi servers. The ransomware appends the .blacksuit extension to encrypted files and drops a ransom note named README.BlackSuit.txt. Researchers have found significant similarities between BlackSuit and Royal ransomware, suggesting a high degree of code and functionality overlap.

Potential Vulnerabilities

The Pueblo of Pojoaque's extensive involvement in the hospitality sector, including the operation of multiple casinos and resorts, makes it a lucrative target for ransomware groups. The reliance on digital infrastructure for managing these enterprises could have exposed vulnerabilities that BlackSuit exploited. The attackers likely penetrated the systems through unpatched software, weak security protocols, or phishing attacks.

Impact on the Community

The ransomware attack has significant implications for the Pueblo of Pojoaque. The compromised data could include sensitive information about employees, partners, and financial transactions. The attack not only threatens the tribe's economic stability but also its reputation and trust within the community. The management's alleged negligence in addressing cybersecurity threats further exacerbates the situation.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.