Ransomware Attack on Reward Hospitality by Blacksuit Group

Overview of Reward Hospitality

Reward Hospitality is a leading distributor of hospitality supplies and commercial catering equipment in the Asia Pacific region, particularly in Australia, New Zealand, and the Pacific Islands. The company operates 26 locations across Australia and employs approximately 1,350 staff members. Reward Hospitality specializes in providing a diverse range of products and services tailored to meet the specific needs of various sectors within the hospitality industry, including commercial kitchen design, equipment supply, tableware, disposables, and catering supplies.

Details of the Ransomware Attack

Reward Hospitality has fallen victim to a ransomware attack orchestrated by the Blacksuit group. The attack has resulted in the leakage of approximately 385 GB of sensitive data. The compromised information spans various critical areas such as finance, human resources, customer details, and working documentation. Specifically, the leaked data includes financial records, HR records, customer information, and working documentation related to various operational aspects.

About the Blacksuit Ransomware Group

Blacksuit is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is known for its targeted attacks on organizations in the US, Japan, Canada, the United Kingdom, Australia, and New Zealand. Blacksuit employs a double extortion tactic, encrypting their victim’s critical data and threatening to publish sensitive data on their public leak site if the ransom is not paid. The group uses sophisticated methods to gain initial access, including spear-phishing campaigns, insider information, and buying network access.

Impact on Reward Hospitality

The ransomware attack has significantly impacted Reward Hospitality's operations and data security, posing serious risks to their financial stability, employee privacy, and customer trust. The exposure of sensitive financial records, HR data, and customer information could lead to severe financial and reputational damage for the company. The attack highlights the vulnerabilities that even well-established companies face in the ever-evolving landscape of cyber threats.

Potential Penetration Methods

Blacksuit could have penetrated Reward Hospitality's systems through various methods, including spear-phishing campaigns targeting employees, exploiting vulnerabilities in the company's network infrastructure, or using insider information to gain access. Once inside, the group likely used tools like QakBot, Mimikatz, and Cobalt Strike Beacons to move laterally and harvest credentials, ultimately exfiltrating and encrypting sensitive data.

Sources

• Reward Hospitality - About Us
• Blackberry - Black Basta
• Flashpoint - Understanding Black Basta Ransomware
• Sangfor - Black Basta Ransomware Attack
• Exponential-e - Black Basta Ransomware Group