The FBI and CISA recently published an update to the joint Cybersecurity Advisory “#StopRansomware: Royal Ransomware.” The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit variants (previously Royal).
FBI investigations identified these TTPs and IOCs as recently as July 2024. See WaterISAC’s coverage of the last two updates to the Joint Advisory. As of August 2024, BlackSuit ransomware attacks have spread across numerous critical infrastructure sectors. BlackSuit conducts data exfiltration and extortion prior to encryption and then publishes victim data to a leak site if a ransom is not paid.
Read more…
Source: Water ISAC
Related:
- Ghana to set up national cyber security council
March 30, 2017
Ghana is to establish a national cyber security council to tackle the increasing rate of cyber crime in the country. The initiative is part of the government’s effort to build a comprehensive cyber security governance arrangement involving all key public and private sector stakeholders. The National Cyber Security Council will be an independent advisory body made ...
- New Clues Surface on Shamoon 2’s Destructive Behavior
March 27, 2017
Researchers on Monday reported progress in piecing together some of the missing pieces of the Shamoon 2 puzzle that have been eluding them when it comes to lateral network movement and execution of the Disttrack malware component used in past campaigns. Shamoon 2 uses a combination of legitimate tools, such as the open source utility PAExec, and ...
- Indian Startup Develops a Next-Gen Cybersecurity Solution on the Blockchain
March 26, 2017
A new innovative prototype startup powered by blockchain technology for cybersecurity has recently launched in India aimed at curbing the global phenomenon of cybercrime. Mumbai-based Block Armour was thought up by Narayan Neelakantan, former CISO and Head of IT Risk and Compliance with India’s National Stock Exchange (NSE) and Floyd DCosta, who has a background in ...
- Apple Pressured to Pay Ransom by Hackers Threatening to Remotely Wipe iPhones
March 22, 2017
Apple is currently under pressure to pay a ransom to a group of hackers who are threatening to remotely wipe iPhones. It seems the hackers are identifying themselves as “Turkish Crime Family.” Taking into account just how big Apple is and how deep its pockets go, the hackers only demanded $75,000 in Bitcoin or Ethereum, another ...
- New Spam Campaign via Necurs Botnet Tries to Manipulate the Stock Market
March 21, 2017
The Necurs botnet is known as the largest spam botnet in the world, particularly for distributing Locky ransomware and Dridex. Now, it looks like Necurs is taking on a new role as someone tries to manipulate the stock market. The discovery was made by Cisco’s threat intelligence organization Talos, which notes that after being offline for ...
- Cyber Firm at Center of Russian Hacking Charges Misread Data
March 21, 2017
An influential British think tank and Ukraine’s military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election. The CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s war with ...

