Tampa Bay zoo targeted in cyberattack by apparent offshoot of Royal ransomware
One of the U.S.’s most popular zoos has been hit with a cyberattack involving the theft of employee and vendor information, and a likely offshoot of the Royal ransomware gang is taking credit.
ZooTampa confirmed to Recorded Future News that it recently discovered an incident that impacted its network environment.
“Upon detecting the incident, the Zoo took swift action and promptly engaged third-party forensic specialists to assist us with securing the network environment and investigate the extent of the unauthorized activity. ZooTampa also contacted and are working with federal law enforcement,” a spokesperson said.
The organization notified employees and vendors whose information may have been accessed, while it continues to investigate.
“ZooTampa does not store personal or financial information on daily visitors or members,” they said.
The zoo, which is consistently ranked in the country’s top 10, is run by a nonprofit and was designated a center for Florida wildlife conservation and biodiversity by the state government. It is in the process of raising funds for a $125 million renovation announced in December.
The spokesperson did not respond to further questions about whether the attack involved ransomware, but on July 5 the BlackSuit ransomware gang claimed to have attacked the zoo.
Con … oops … I mean, *Black Suit* has listed #ZooTampa (there’s a pun to be made here, I’m sure – @uuallan? @AShukuhi?) #ransomware #BlackSuit 1/2 pic.twitter.com/FExzpaJ1tU
— Brett Callow (@BrettCallow) July 5, 2023
The group is relatively new, having first appeared in May, and has posted three victims to its extortion site, according to Recorded Future ransomware expert Allan Liska. The Record is an editorially independent unit of Recorded Future.
According to Liska, the group appears to have ties to the Royal ransomware gang, which is responsible for headline-grabbing attacks on the city of Dallas and more. Both BlackSuit and Royal also have ties to the now defunct Conti ransomware group, which disbanded last June and splintered into several new gangs, according to experts.
While the BlackSuit group is new, the operators are likely experienced due to their work with Conti…
