http://www.kcac.com ransomware attack (BlackSuit, 2025)
http://www.kcac.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-06-02.
- Victim
- http://www.kcac.com
Incidents attributed to:
http://www.kcac.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-06-02.
http://metromont.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-29.
http://www.innsofaurora.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-29.
http://www.gloucesterva.gov was named on the BlackSuit ransomware data-leak (extortion) site on 2025-05-15.
https://fortunesociety.org/ was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-24.
https://www.pacmet.com was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-24.
https://www.mmwec.org was named on the BlackSuit ransomware data-leak (extortion) site on 2025-04-05.
https://www.orangeville.ca was named on the BlackSuit ransomware data-leak (extortion) site on 2025-03-21.
https://www.dapope.com/ was named on the BlackSuit ransomware data-leak (extortion) site on 2025-02-17.
BlackSuit operators encrypted CDK Global's dealer-management platform, knocking ~15,000 North American car dealerships offline for nearly two weeks. A second attack hit on day two of recovery. Industry losses estimated at over $1 billion; CDK reportedly paid a $25 million ransom.
Phishing access let BlackSuit (Russian-linked) encrypt KADOKAWA's infrastructure and the Niconico video-sharing platform, taking services offline for two months. KADOKAWA paid ~$2.9M in cryptocurrency — and BlackSuit leaked the stolen 1.5 TB anyway.