Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Taiwan: Defense ministry confirms basic data leak
October 21, 2024
The Ministry of National Defense today confirmed a data leak of basic personal information about certain high-ranking officials in response to a report from Chinese-language media, but said it did not include any information about personal asset holdings. The China Times this morning published a report saying that personal data of people ranked colonel and above ...
- Code Injection in Spring Cloud: CVE-2024-37084
October 18, 2024
The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. CVE-2024-37084 is a critical vulnerability affecting Spring Cloud Data Flow versions 2.11.0 through 2.11.3. A malicious user with access to the Skipper server API can exploit a flaw in the upload request process, ...
- Finland’s NBI probes wave of bank cyber attacks
October 18, 2024
Finland’s National Bureau of Investigation has opened a preliminary probe on a series of cyber attacks on the country’s financial sector. Finnish banks have been targeted in cyber attacks in recent months. In particular, Nordea Bank has been hit by several distributed denial of service (DDoS) attacks throughout the autumn. The bank has faced recurring problems ...
- Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
October 18, 2024
Last December, Kaspersky researchers discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group’s activity suggests a connection to other groups currently targeting Russia. Kaspersky researchers have seen overlaps not only in indicators of compromise and tools, but also tactics, techniques, and procedures (TTPs). Moreover, the infrastructure partially overlaps ...
- Greek police data leak exposes details of elite crime-fighting unit members
October 18, 2024
A Greek police officers association says it is planning legal action after names and details of hundreds of officers from a new elite crime-fighting agency were published on the internet. The Directorate for Combating Organised Crime, DAOE, was launched Thursday to tackle organized crime activities including contract killings, fuel smuggling and money laundering. Police officials confirmed ...
- New macOS vulnerability, “HM Surf”, could lead to unauthorized data access
October 17, 2024
Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a configuration ...