Deep Dive: Exposing Stealthy New BlackSuit Ransomware
ID: 518fa2e5-3a24-53ff-b3a0-2ca5c7fbf10e
STIX ID: report--518fa2e5-3a24-53ff-b3a0-2ca5c7fbf10e
Feed Name: Deep Instinct Blog
This report documents the BlackSuit ransomware campaign. It describes executable masking, supported command-line options (encryption modes, VM-killing, self-deletion, partial encryption), destructive actions (vssadmin shadow deletion), common infection vectors (RDP, VPN/firewall exploits, malicious attachments, torrents, malicious ads), associated offensive tools (Cobalt Strike, Mimikatz, Rclone, etc.), and a public leak site for exfiltrated data, and it lists multiple IOCs (file hashes, ransom note filenames, mutex) to aid detection and response.
