Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Arkham Says $3.5B LuBian Bitcoin Theft Went Undetected for Nearly Five Years
August 2, 2025
A crypto wallet tied to a little-known Chinese mining pool may have been the victim of the largest bitcoin theft ever recorded, according to new findings from Arkham Intelligence. n an Aug. 2 thread on X, the onchain analytics firm said it had uncovered evidence that 127,426 BTC — worth $3.5 billion at the time — ...
- Luxembourg: Cybercriminals stole thousands from BIL customers using phishing scam
August 2, 2025
After cybercriminals stole thousands from BIL customers using a fake website, the banking association maintains that digital banking tools remain safe, but users must stay vigilant. In the wake of a sophisticated phishing scheme that led to major financial losses for dozens of BIL customers, The Luxembourg Banker’s Association (ABBL) is defending the security of the ...
- Ransomware attacks cripple government services across Dutch Caribbean islands
August 2, 2025
Several major government institutions across the Caribbean part of the Kingdom of the Netherlands were hit by cyberattacks last week, including a ransomware attack on Curaçao’s Tax and Customs Administration that temporarily disabled critical services, NOS reports. According to Curaçao’s Minister of Finance, ransomware was used in the attack on the tax authority. After the breach ...
- Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN
August 1, 2025
In late July 2025, Arctic Wolf observed an increase in ransomware activity targeting SonicWall firewall devices for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs. While credential access through brute force, dictionary attacks, and credential stuffing have not yet ...
- Ransomware gangs are now expanding to physical threats in the real world
August 1, 2025
Ransomware gangs seem to be getting desperate when it comes to getting results, as besides encrypting and leaking data on the web, they’ve also started threatening CEOs with physical violence. Cybersecurity researchers Semperis claim over the past 12 months, in 40% of ransomware incidents, the CEOs of the affected company were also physically threatened – which ...
- Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
July 31, 2025
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. ApolloShadow has the capability to install a trusted root certificate to trick devices into trusting malicious actor-controlled sites, enabling ...