Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Threat Assessment: Howling Scorpius (Akira Ransomware)
December 2, 2024
Emerging in early 2023, the Howling Scorpius ransomware group is the entity behind the Akira ransomware-as-a-service (RaaS), which has consistently ranked in recent months among the top five most active ransomware groups. Its double extortion strategy significantly amplifies the threat it poses. Unit 42 researchers have been monitoring the Howling Scorpius ransomware group over the past ...
- Zyxel Releases Advisory for Exploited Vulnerability CVE-2024-11667
December 2, 2024
Zyxel has released a security advisory addressing recent targeting of its firewall products. Attackers have been observed exploiting vulnerabilities patched in September (see Cyber Alert CC-4541) and a previously undisclosed high severity vulnerability. CVE-2024-11667 is a path traversal vulnerability and has a CVSSv3 score of 7.5. If exploited, an attacker could download or upload files via ...
- Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
December 2, 2024
Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files – disguised as requests and bids from potential customers or partners – bear names such as “Запрос цены и предложения от Индивидуального предпринимателя <ФИО> на август 2024. According to Kaspersky telemetry, ...
- Retail outages drag into second week after Blue Yonder ransomware attack
December 2, 2024
A ransomware attack on supply chain software giant Blue Yonder continues to cause disruption to the company’s customers, almost two weeks after the outage first began. In a brief update to its cybersecurity incident page on Sunday, Arizona-based Blue Yonder said it is making “good progress” in its recovery from the attack, which hit its manage ...
- Shin Bet finds 200 Iranian cyberattacks on Israeli personalities
December 2, 2024
In recent months, the Shin Bet (Israel Security Agency) has uncovered some 200 efforts made by Iranian hackers to target Israeli civilians, the Shin Bet stated on Monday. The hacking was conducted via phishing attempts against various individuals, including Israeli politicians, academics, and media personalities, the security agency added. The hackers reportedly looked to gain access ...
- No company too small for Phobos ransomware gang, indictment reveals
December 2, 2024
The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government’s indictment against Ptitsyn should dispel any notion that ransomware gangs only target the largest, ...