Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
March 25, 2025
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious ...
- KLIA operations not affected after Malaysian airport hit by cyber attack
March 25, 2025
Operations at the Kuala Lumpur International Airport (KLIA) were not affected by a cyber attack by hackers who demanded US$10 million (S$13.4 million). In a joint statement on March 25, the National Cyber Security Agency (Nacsa) and Malaysia Airports Holdings Berhad (MAHB) said they detected a cyber-security threat affecting certain computer systems at KLIA on March ...
- MoDiRAT Malware Uses Horus Protector to Target France
March 25, 2025
The SonicWall Capture Labs threat research team has identified a new development in the Horus Protector distributed infection chain. Recently, it has been targeting the French region with MoDiRAT, a malware notorious for stealing credit card and other victim information. During the infection process, it deploys the DarkCloud stealer; however, before exiting, the loader verifies if ...
- Security Updates Released for Ingress NGINX Controller for Kubernetes
March 25, 2025
Five vulnerabilities have been discovered within the Ingress NGINX Controller for Kubernetes. NGINX Ingress Controller is a tool used in Kubernetes environments to manage and route external traffic to services within the cluster. Ingress Controller acts as a reverse proxy and load balancer, supporting various protocols like WebSocket, gRPC, TCP, and UDP, and also provides features ...
- 23andMe is looking to sell customers’ genetic data, here’s how to delete it
March 25, 2025
Many 23andMe customers signed up to the genetic testing service in hopes of learning fun or interesting information about their past. But consumer advocates are now urging those users to request the deletion of their accounts and data from the site, to prevent their genetic information from ending up in unexpected hands. San Francisco-based 23andMe filed ...
- Broadcom Releases Security Advisory for VMware Tools for Windows
March 25, 2025
Broadcom has released a security advisory addressing a high severity vulnerability in VMware Tools for Windows. VMware Tools is a suite of utilities that enhances the performance of VMware virtual machines and provides extra functionality. CVE-2025-22230 is an authentication bypass due to improper access control vulnerability with a CVSSv3 score of 7.8. If exploited, an attacker ...