Ransomware, Threat Management

Significant similarities between BlackSuit, Royal ransomware strains discovered

The new BlackSuit ransomware has been found to be significantly similar to the Royal ransomware family, The Hacker News reports. Trend Micro researchers who compared the two with BinDiff found that, relative to Royal ransomware, BlackSuit's Linux version had 98%, 99.5%, and 98.9% function, block, and jump similarities, respectively, while the new strain's Windows variant had 93.2%, 99.3%, and 98.4% function, block, and jump similarities, respectively. While both are double extortion operations that similarly leverage OpenSSL AES and intermittent encryption approaches, BlackSuit has been noted to have more command-line arguments and to avoid different types of files during enumeration and encryption. "The emergence of BlackSuit ransomware (with its similarities to Royal) indicates that it is either a new variant developed by the same authors, a copycat using similar code, or an affiliate of the Royal ransomware gang that has implemented modifications to the original family," said Trend Micro.
