Yesterday, Evening Post Publishing Inc. began notifying 15,065 of a data breach following a cyber attack in March 2024. Ransomware group, BlackSuit, claimed an attack on the company’s main paper, The Post and Courier, at the time.
In its notification, Evening Post Publishing states that it became aware of “suspicious activity on its network” on March 20, 2024, and determined unauthorized actors accessed its systems between March 13 and March 20. In a statement to DataBreaches.net, BlackSuit claimed to have encrypted the paper’s system on March 14 and also said it had remained in the network for two weeks. It allegedly gained access “through unpatched weak spots discovered on one of the company servers.”
Evening Post Publishing confirms that “certain files were acquired by an unknown actor while on the network” with affected data including: names, Social Security numbers, financial account information, driver’s license numbers, and credit card information.
The paper is offering those affected free access to a year’s worth of CyEx credit monitoring services. We highly recommend those affected use this service while also monitoring accounts for any unauthorized activity.
Evening Post Publishing hasn’t confirmed whether or not this was a ransomware attack nor has it confirmed or denied BlackSuit’s claims. Comparitech has contact the company for comment and will update the article if its responds.
Who is BlackSuit?
BlackSuit first emerged in April 2023 and is a rebrand of the ransomware group, Royal. Since it first emerged as ‘BlackSuit’, we have logged 38 confirmed attacks via this group and 67 unconfirmed attacks.
Yesterday, it was also confirmed to be the group behind the recent attack on the City of Killeen, TX. It has also claimed responsibility for recent attacks on the City of Cedar Falls (US), the National Health Laboratory Service (South Africa), and KADOKAWA Corporation (Japan). It is also rumored to have received a $25 million ransom in its attack on car dealership technology provider, CDK Global.
BlackSuit is a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.
Ransomware attacks in the US
So far this year, we have tracked 294 ransomware attacks on US organizations. These have impacted just over 35.2 million records in total. The average ransom is just under $2.15 million.
We have also noted 1,121 unconfirmed attacks this year so far.
More about Evening Post Publishing Inc.
Based in South Carolina, Evening Post Publishing Inc. is a family-owned media company that publishes The Post and Courier along with a number of other publications, including the Aiken Standard, Summerville Journal Scene, The Gazette, The Berkeley Independent, Moultrie News, The Star, Free Times, Georgetown Times and Kingstree News.
The Post and Courier was originally founded in 1803, making it the second-oldest newspaper in the United States and the oldest in the South.