Security News > 2023 > June > New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal

An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal.

Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an "Extremely high degree of similarity" between Royal and BlackSuit.

"In fact, they're nearly identical, with 98% similarities in functions, 99.5% similarities in blocks, and 98.9% similarities in jumps based on BinDiff, a comparison tool for binary files," Trend Micro researchers noted.

The latest findings from Trend Micro show that, both BlackSuit and Royal use OpenSSL's AES for encryption and utilize similar intermittent encryption techniques to speed up the encryption process.

"The emergence of BlackSuit ransomware indicates that it is either a new variant developed by the same authors, a copycat using similar code, or an affiliate of the Royal ransomware gang that has implemented modifications to the original family," Trend Micro said.

Given that Royal is an offshoot of the erstwhile Conti team, it's also possible that "BlackSuit emerged from a splinter group within the original Royal ransomware gang," the cybersecurity company theorized.

News URL

https://thehackernews.com/2023/06/new-linux-ransomware-strain-blacksuit.html