Young Consulting hit by BlackSuit ransomware, exposing 954K+ individuals' data. Learn how to protect against future threats

Continue reading
Young Consulting, now operating under the name Connexure, recently detected a data breach affecting 954,177 individuals following a ransomware attack executed by the notorious BlackSuit group on April 10, 2024. The Atlanta-based software solutions provider, specializing in employer stop-loss insurance, assists insurance carriers, brokers, and third-party administrators in managing and underwriting stop-loss policies.
The breach was initially discovered on April 13, 2024, when Young Consulting's systems were encrypted by the attackers. Following a comprehensive investigation completed on June 28, 2024, it was confirmed that sensitive information, including full names, Social Security numbers (SSNs), dates of birth, and insurance claim data, had been compromised.
In response to the breach, Young Consulting is offering affected individuals a 12-month complimentary credit monitoring service through Cyberscout. It is crucial for those impacted to enroll in this service before the November 2024 deadline, as BlackSuit has already leaked the stolen data on its darknet-based extortion portal.
Affected parties should remain vigilant for phishing attempts, unsolicited communications, and fraudulent schemes. The attackers began leaking data in May 2024, after Young Consulting presumably refused to comply with ransom demands. Among the leaked data, BlackSuit claims to have disclosed not only the personal details mentioned in the breach notifications but also sensitive business-related information, including contracts, financial reports, and even employee passports.
The BlackSuit ransomware group, believed to be a rebrand of the infamous Royal ransomware, has been particularly active in 2024, causing widespread disruption and financial damage.
Notably, BlackSuit's attack on CDK Global earlier this year led to significant operational outages and financial loss.
According to a joint report by CISA and the FBI, BlackSuit has extorted over $500 million from its victims in the past two years.
Security professionals must prioritize the implementation of advanced threat detection and response systems to mitigate the risks posed by sophisticated ransomware groups like BlackSuit.
For security professionals and technical stakeholders, understanding the technicalities behind such attacks is vital. BlackSuit is known for leveraging advanced encryption algorithms, often AES-256, to lock down critical systems.
Once access is gained, the group typically exfiltrates large volumes of data before initiating the encryption process, ensuring maximum leverage over their victims.
To prevent such breaches, organizations should adopt a zero-trust architecture, ensuring that all internal and external communications are subject to strict authentication and verification processes.
Regularly updated intrusion detection systems (IDS) and endpoint detection and response (EDR) tools can also play a critical role in identifying and neutralizing threats before they escalate.
Moreover, regular security audits and employee training programs focused on recognizing phishing attempts and other social engineering tactics can significantly reduce the risk of successful ransomware attacks.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been