Ransomware Attack Hits Aiken Housing Authority by BlackSuit Group

Incident Date: Aug 03, 2024

Attack Overview
Victim: Aiken Housing Authority
Industry: Government
Location: USA
Attacker: BlackSuit
First reported: August 3, 2024

Ransomware Attack on Aiken Housing Authority by BlackSuit Group

The Aiken Housing Authority (AHA), a pivotal organization in Aiken County, South Carolina, has recently fallen victim to a ransomware attack orchestrated by the BlackSuit group. The attack, discovered on August 5, has raised significant concerns about the security of sensitive information managed by the organization.

About Aiken Housing Authority

The Aiken Housing Authority is dedicated to providing and managing housing opportunities for residents of Aiken County. The organization focuses on offering quality, stable, and sustainable housing solutions in a non-discriminatory manner. AHA manages several housing facilities, including Hahn Village, Bradby Homes, Stoney Gallman Townhomes, and Villa Oaks. Additionally, AHA is involved in various community programs, such as the U.S. Department of Labor’s Workforce Investment Act (WIA) program and the U.S. Department of Agriculture’s Summer Food Service program.

As a public entity subsidized by the U.S. Department of Housing and Urban Development (HUD), AHA is subject to the South Carolina Freedom of Information Act. This makes it a potential target for cybercriminals due to the sensitive nature of the data it handles, including personal information of applicants and residents.

Attack Overview

The ransomware attack on AHA was executed by the BlackSuit group, a new ransomware family that emerged in 2023. The attack has compromised the organization's systems, although the exact size of the data leak remains unknown. The BlackSuit ransomware targets both Windows and Linux systems, including VMware ESXi servers, and appends the .blacksuit extension to encrypted files. A ransom note named README.BlackSuit.txt is dropped in each affected directory, directing victims to a Tor chat site for further communication.
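
The two file indicators named above (the .blacksuit extension and the README.BlackSuit.txt note) can be used to scope which directories were touched. The following Python script is an added example, not part of the original article or of any vendor tooling: it walks a directory tree, records per directory whether the note is present and which files carry the extension, and returns the earliest modification time among those files as a starting point for timeline work. Case-insensitive matching, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".blacksuit"          # extension named in the article
RANSOM_NOTE = "readme.blacksuit.txt"  # README.BlackSuit.txt, lowercased for matching


def scan_tree(root):
    """Return ({relative_dir: {"note": bool, "encrypted": [names]}}, earliest_mtime)."""
    findings, earliest = {}, None
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        note, encrypted = False, []
        for name in filenames:
            lower = name.lower()  # assumption: match case-insensitively
            if lower == RANSOM_NOTE:
                note = True
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(name)
                try:
                    mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # unreadable entry: still listed, no timestamp
                if earliest is None or mtime < earliest:
                    earliest = mtime
        if note or encrypted:
            rel = os.path.relpath(dirpath, root)
            findings[rel] = {"note": note, "encrypted": sorted(encrypted)}
    return findings, earliest


def build_sample(root):
    """Create a constructed tree for the demo; return the oldest mtime it sets."""
    layout = {
        "finance": ["q1.xlsx.blacksuit", "q2.xlsx.blacksuit", "README.BlackSuit.txt"],
        "hr": ["README.BlackSuit.txt"],  # note present, nothing encrypted
        "public": ["flyer.pdf"],         # untouched directory
    }
    base = 1_700_000_000  # constructed timestamp, not from the incident
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for offset, name in enumerate(names):
            path = os.path.join(root, sub, name)
            open(path, "w").close()
            os.utime(path, (base + 60 * offset, base + 60 * offset))
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

A directory that holds the note but no renamed files, like the constructed "hr" case, is still reported, since it shows the process reached that location.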

About BlackSuit Ransomware Group

BlackSuit is closely related to the notorious Royal ransomware group, with significant similarities in code and functionality. Researchers have found a 98% similarity in functions and 99.5% similarity in code blocks between BlackSuit and Royal ransomware. This suggests that BlackSuit could be a new variant developed by the same authors, a copycat using similar code, or an affiliate of the Royal ransomware gang. The group targets both Windows and Linux systems, making it a versatile and significant threat.

Potential Vulnerabilities

The Aiken Housing Authority's role as a public entity managing sensitive personal information makes it a prime target for ransomware attacks. The organization's compliance with the South Carolina Freedom of Information Act means it holds a wealth of data that could be exploited by cybercriminals.
