Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Indonesia’s tax agency probes alleged personal data breach
September 19, 2024
Indonesia’s tax agency is investigating an alleged data breach that exposes the taxpayer identification numbers of millions of Indonesians, including President Joko “Jokowi” Widodo, his ministers and his two sons, an official said. A series of cyber-attacks have hit Indonesian companies and government agencies in the past few years, which experts attribute to the government’s lax ...
- Cyber attack on city of Wichita limited to police records, internal investigation finds
September 19, 2024
A ransomware attack that crippled the city of Wichita’s network for more than a month starting in May was limited to a Wichita Police Department records system, city officials said Wednesday. That means the Russian hacker group — LockBit — that claimed credit for the attack did not access bank card numbers, social security numbers or ...
- Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
September 18, 2024
Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. Unit 42 researchers named these infected software packages PondRAT. They’ve also found Linux variants of POOLRAT, a known macOS remote administration tool (RAT) previously attributed to Gleaming Pisces (aka Citrine Sleet, ...
- Hacker claims to have for sale 87 million strong database after suspected Temu breach
September 18, 2024
A cybercriminal claims to have breached Temu and stolen millions of customer records, but the ecommerce giant is vehemently denying the claims. A hacker with the alias ‘smokinthashit’ took to BreachForums, one of the most popular underground forums out there, and advertised a new database, allegedly stolen from the company. “Temu company database for sale. +87M ...
- Court-Authorized Operation Disrupts Worldwide Botnet Used by People’s Republic of China State-Sponsored Hackers
September 18, 2024
The Justice Department today announced a court-authorized law enforcement operation that disrupted a botnet consisting of more than 200,000 consumer devices in the United States and worldwide. As described in court documents unsealed in the Western District of Pennsylvania, the botnet devices were infected by People’s Republic of China (PRC) state-sponsored hackers working for Integrity ...
- Lebanon: Nine killed, 300 wounded in a new wave of explosions across the country
September 18, 2024
At least nine people have been killed and 300 were wounded in Lebanon in a new wave of blasts related to communication devices, the Health Ministry has said, a day after thousands of pagers used by Hezbollah detonated across the country. Multiple explosions were reported across Lebanon on Wednesday, with state-run National News Agency saying that ...