Malware
Explosive BlackSuit Ransomware Breach: 950,000 Records Stolen from Software Vendor
BlackSuit ransomware has stolen data from 950,000 customers of Canadian software vendor, VerticalScope. The cybercriminals demanded a ransom in exchange for not leaking the information. VerticalScope chose not to pay, leading to the data being leaked on a hacker forum. The exposed data includes email addresses, usernames, and IP addresses.
It’s a nightmare scenario that happened to nearly a million people: their personal information was exposed in a ransomware attack on an Atlanta-based software solutions provider, Young Consulting, now known as Connexure. The company specializes in employer stop-loss insurance, assisting carriers, brokers, and third-party administrators with all aspects of managing these policies.
On April 10, 2024, cybercriminals infiltrated the company’s network, encrypting its systems and stealing sensitive information. The breach was discovered three days later, and a thorough investigation took place. It concluded on June 28, revealing that the compromised data included full names, Social Security numbers (SSNs), dates of birth, and insurance claim information for 954,177 individuals.
What’s being done to help those affected?
Young Consulting has started sending out notices of the data breach to the victims, some of whom are members of the Blue Shield of California. To help protect their identity and finances, those impacted will be given free-of-charge access to a 12-month complimentary credit monitoring service through Cyberscout. They have until the end of November 2024 to claim this service.
The cybercriminals have already leaked the data
Unfortunately, the cybercriminal group known as BlackSuit has already leaked the stolen data on its darknet-based extortion portal. This means that the affected individuals should act quickly to secure their credit monitoring service and remain vigilant for unsolicited communications, phishing messages, scam attempts, and requests for additional information.
BlackSuit took responsibility for the attack on Young Consulting on May 7, and a few weeks later, they leaked the stolen data after presumably failing to extort the company. The data they claim to have leaked includes much more than what Young Consulting disclosed in their notices, such as business contracts, contacts, presentations, employee passports, family details, medical examinations, financial audits, reports, payments, and various content taken from personal folders and network shares.
BlackSuit’s devastating impact on American organizations
BlackSuit has caused significant financial damage to American organizations this year, with CDK Global being one of the most notable victims. The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported earlier this month that BlackSuit is a rebrand of Royal ransomware, having made over $500 million in ransom demands over the past two years.
Protect yourself and your organization from ransomware attacks
This incident is a stark reminder of the importance of cybersecurity and the need to stay informed about the latest threats and best practices. To protect yourself and your organization from ransomware attacks, it’s crucial to invest in robust cybersecurity measures and educate yourself on emerging risks. Don’t hesitate to reach out to us to learn more about how to safeguard your sensitive information and stay ahead of cyber threats. Remember: knowledge is power!