Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Phish ’n’ Ships Fakes Online Shops to Steal Money and Credit Card Information
October 31, 2024
HUMAN’s Satori Threat Intelligence and Research team recently uncovered and disrupted a sprawling fraud operation centered on fake web shops that abuse digital payment providers to steal consumers’ money and credit card information. The threat, dubbed Phish ’n’ Ships, is made up of hundreds of fake web shops offering in-demand items. The threat actors, whose internal ...
- Loose-lipped neural networks and lazy scammers
October 31, 2024
One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where cyberattacks are becoming increasingly cost-effective and larger-scale, causing ...
- Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
October 31, 2024
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is publishing ...
- Android malware FakeCall intercepts your calls to the bank
October 31, 2024
An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank. Instead of reaching your bank, your call will be redirected to the cybercriminals. The Trojan accomplishes this by installing itself as the default call handler on the infected device. The default call handler app is responsible for managing ...
- Peru: Cybercriminals demand 4 million dollars for Interbank customer data
October 31, 2024
Organized crime in Peru has taken a worrying turn, extending its activities from attacks on public transport companies and kidnapping businessmen to cybercrime. These criminals use advanced technology to extort money from large companies, including the recent attack on Interbank bank. Reportedly criminals have breached Interbank’s security systems, stealing the database of millions of customers and ...
- Bedfordshire is the UK’s cyber crime capital
October 30, 2024
The rate in Bedfordshire was nearly four times higher than neighbouring Hertfordshire, which saw 1,300 incidents among its 1.2 million population, reveals analysis of National Fraud Intelligence Bureau (NFIB) data by IT experts Computer Care. Lincolnshire was the police area least affected by cyber crime, with only 438 reports among the one million population – equal ...