Cybercriminals are exploiting the popularity of Zoom by distributing fake installer applications that deliver the BlackSuit Ransomware.

The attacks target Windows users, deceiving them into downloading the malware from a fraudulent website that mimics Zoom’s official site.

The BlackSuit ransomware, known for its destructive capabilities, has previously targeted critical infrastructure sectors including schools and healthcare organizations.

Once installed, the malware lies dormant for several days before launching a coordinated attack that involves exfiltrating sensitive data, encrypting files, and demanding a ransom for data recovery.

Researchers have identified the fraudulent website, zoommanager[.]com, as the source of the malicious installer.

The malware disables Windows Defender, operates undetected, and retrieves additional payloads through unconventional channels, such as a Steam Community page.

To further evade detection, the fake installer drops both a genuine Zoom installer and the malicious software; the victim sees Zoom install normally while the malware injects itself into MSBuild.exe, a legitimate Microsoft process.

The BlackSuit ransomware gang emerged in early 2023 and has established a track record of high-profile attacks.

Notable incidents include a 2024 attack on the Kershaw County School District (KCSD) in South Carolina, where 17GB of data was reportedly stolen, and a crippling ransomware attack on CDK Global, which disrupted operations at US car dealerships.

The gang also targeted the Kansas City Police Department (KCKPD), leaking sensitive law enforcement data after the department refused to pay a ransom.

More recently, BlackSuit is alleged to have breached Kansas City Hospice.

Cybersecurity experts warn that the BlackSuit campaign demonstrates the increasing sophistication of ransomware threats.

They advise IT leaders to implement robust security measures, including strict software verification protocols, endpoint detection and response (EDR) solutions, proactive threat detection and incident response plans, comprehensive data protection and segmentation strategies, and thorough employee security awareness training.