Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Kellogg’s leaks sensitive data after Clop attack
April 8, 2025
WK Kellogg, the company behind the Kellogg’s cereals, has been hit by a major data breach. Cybercriminals from the ransomware group Clop exploited a vulnerability in the software of an external supplier, stealing employees’ personal data. The data breach took place in December 2024, when data was stolen from the file transfer service Cleo. At the ...
- Why Cloud Misconfigurations Remain A Top Cause Of Data Breaches
April 8, 2025
It’s 2025, and the industry has built some of the most advanced cloud environments ever seen—automated deployments, real-time threat detection and infrastructure that scales with just a few lines of code. Yet, data breaches aren’t slowing down—why? Because a single misconfiguration—often as simple as an overly permissive IAM role or an exposed storage bucket—can wreck everything. ...
- How ToddyCat tried to hide behind AV software
April 7, 2025
To hide their activity in infected systems, APT groups resort to various techniques to bypass defenses. Most of these techniques are well known and detectable by both EPP solutions and EDR threat-monitoring and response tools. In early 2024, while investigating ToddyCat-related incidents, Kaspersky researchers detected a suspicious file named version.dll in the temp directory on multiple ...
- Massive Europcar data breach affects around 200,000 customers
April 7, 2025
Europcar has reportedly suffered a data breach in which it lost sensitive data on hundreds of thousands of customers. A threat actor with the alias ‘Europcar’ posted a new thread in an underground forum, claiming to have “successfully breached Europcar’s systems and obtained all their GitLab repositories”. As a result, the attacker took more than 9,000 ...
- Flaw in Verizon call record requests put millions of Americans at risk
April 4, 2025
Security researcher Evan Connelly discovered an enormous flaw affecting one of the largest telecommunications companies in the world that could allow any single person to view the recent incoming call log for potentially any Verizon phone number. A vulnerability in the Verizon Call Filter iOS app allowed anyone to request the call logs of millions of ...
- NSA warns “fast flux” threatens national security. What is fast flux anyway?
April 4, 2025
A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned. The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would ...