Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp-up of operations. The threat emerged in May 2023 as a rebrand of Royal ransomware. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes itself as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Source: Trend Micro

