Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- A closer look at the Tria stealer campaign
January 30, 2025
Since mid-2024, Kaspersky researchers observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which they have named “Tria Stealer” after unique strings found in campaign samples. The primary targets of the campaign are users in Malaysia and Brunei, with Malaysia being the most affected ...
- CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia
January 29, 2025
We identified a cluster of activity that we track as CL-STA-0048. This cluster targeted high-value targets in South Asia, including a telecommunications organization. This activity cluster used rare tools and techniques including the technique we call Hex Staging, in which the attackers deliver payloads in chunks. Their activity also includes exfiltration over DNS using ping, and ...
- UK: Whitehall is at risk from hackers due to poor cyber defences
January 29, 2025
Whitehall departments are at growing risk of being hacked because anti-cyber attack defences are ‘lower’ than thought, an alarming report has found. The inquiry by the National Audit Office (NAO) was branded a ‘wake-up call’ for officials to step-up defences against hostile actors.It identified a shortage of cyber skills within departments and risks posed by outdated ...
- Smiths Group: Shares fall as engineering giant hit by cyber attack
January 28, 2025
Global engineering firm Smiths Group has reported a cyber security incident involving unauthorised access to its systems. Upon detecting the breach, the firm promptly isolated the affected systems and activated its business continuity plans to mitigate disruptions. The company, known for its baggage screening equipment and explosive detectors, is collaborating with cyber-security experts to restore the ...
- The Honeymoon for Cloud Services Is Over
January 27, 2025
The cloud services you rely on are no longer as secure as they used to be. Once seemingly a safe haven for data and applications, attackers are increasingly leveraging cloud services for command and control—and the Symantec Threat Hunter Team predicts an unnerving upshoot in 2025. The Microsoft breach by Russian nation-state actors is one instance ...
- Chinese tech startup DeepSeek says it was hit with ‘large-scale malicious attacks’
January 27, 2025
Chinese tech startup DeepSeek said it was hit by a cyber attack on Monday that disrupted users’ ability to register on the site. The company, whose artificial intelligence chatbot has sent the tech world into a frenzy, said that it had suffered “large-scale malicious attacks” on its services. Registered users could log in normally, DeepSeek said. Read ...