Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware


Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024, which suggests a ramp-up of operations. The threat emerged in May 2023 as a rebrand of Royal ransomware. Unit 42 tracks the group behind it as Ignoble Scorpius.

Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes itself as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group calls the compensation small, Unit 42 has observed that the initial ransom demand averages about 1.6% of the victim organization’s annual revenue.

Source: Trend Micro

