Skip to main content
Published Mar 26, 2024 | Updated May 13, 2024

Ransom:Win32/BlackSuit.RHA!MTB

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

BlackSuit encrypts the data on your disk and can prevent device use or access to data. The ransomware encrypts files, renders them inaccessible, and demands payment for the decryption key. BlackSuit lets threat actors customize actions based on the actor’s goals for the target.

To mitigate the issue, follow these steps:

  • Apply security updates promptly, especially for the specified vulnerabilities, on all applications and operating systems. Consult the Microsoft Security Update Guide for comprehensive information on available Microsoft Security updates.
  • Follow the principle of least privilege and maintain credential hygiene. Avoid using domain-wide, admin-level service accounts. Restrict local administrative privileges to mitigate the potential installation of remote access trojans (RATs) and other undesirable applications.
  • Network segmentation is useful in constraining the propagation of malware infections. The process involves partitioning a network into smaller segments, effectively confining an infection to a single segment rather than permitting its unrestricted spread across the entire network.
  • Promote the use of Microsoft Edge and other web browsers that support SmartScreen, a feature identifying and blocking malicious websites, including phishing sites, scam sites, and those hosting exploits or malware.
  • Block the launch of downloaded executable content by disabling JavaScript or VBScript.
Follow us