BlackSuit functions as ransomware designed to encrypt files within a targeted system. It operates on both Windows and Linux platforms, including VMware ESXi. BlackSuit is developed from the foundation of the
Royal ransomware and shares a substantial portion of its code. Although the two variants of ransomware mainly differ in cosmetic aspects like branding, names of command line parameters, and default lists of excluded files, BlackSuit introduces several additional features that can be activated through extra command line parameters. Similar to Royal, BlackSuit employs the AES-CBC-256 encryption algorithm to secure files. It can encrypt files on local file systems and file shares using intermittent encryption techniques. The encrypted files will have the .blacksuit extension appended to their names, and a ransom note named README.BlackSuit.txt will be placed in each directory containing encrypted files.
BlackSuit Ransomware Download