Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- The Dreaded Network Pivot: An Attack Intelligence Story
June 4, 2024
Rapid7 recently released our 2024 Attack Intelligence Report, a 14-month deep dive into the vulnerability and attacker landscape. The spiritual successor to their annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with their detection and response and threat intelligence teams. It is designed to provide the clearest view yet into ...
- Hospitals in London declared critical incident after cyber-attack
June 4, 2024
Major hospitals in London have declared a critical incident after a cyber-attack led to operations being cancelled and emergency patients being diverted elsewhere. It applies to hospitals partnered with Synnovis – a provider of pathology services. King’s College Hospital, Guy’s and St Thomas’ – including the Royal Brompton and the Evelina London Children’s Hospital – and ...
- The impact of legacy vulnerabilities in today’s cybersecurity landscape
June 4, 2024
Of the top five most widely used network attacks against SMBs, the ‘newest’ vulnerability represented were nearly three years old, while the oldest were over a decade old – which is primitive when considering the modern threat environment. The results are a clear reminder for CISOs and cybersecurity leaders that they must assess organizational threats based ...
- Navigating Cyber Risk Through Collaboration
June 3, 2024
The constantly evolving cyber risk landscape presents a formidable challenge to organizations, as businesses transform, scopes and boundaries shift, and bad actors develop new tactics and techniques to exploit vulnerabilities and compromise systems. With the rate of risk velocity increasing faster than the resources of most risk-focused teams, collaboration and working together smarter is one of ...
- Excel File Deploys Cobalt Strike at Ukraine
June 3, 2024
FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. The attacker uses a multi-stage malware strategy to deliver the notorious “Cobalt Strike” payload and establish communication with a command and control (C2) server. This attack employs various evasion techniques to ensure successful ...
- UK: The Princess of Wales’s hospital data breach not referred to police due to suspected ‘decoy’ plan
June 3, 2024
The Princess of Wales’s hospital data breach has not been referred to police as an expert explains that a “decoy” plan could have been in use – meaning her actual medical files were not accessed by the perpetrators. Despite Health Minister Maria Caulfield revealing back in March that the police had been asked to look into ...