Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- New Caledonia foils a cyberattack “of unprecedented strength”
May 22, 2024
Millions of emails, from “different countries”, were sent to New Caledonia on Tuesday, May 21, after the announcement of Emmanuel Macron’s visit to the territory. “An access provider suffered an attack to saturate the New Caledonian network. The teams managed to control this attack. Millions of emails were sent simultaneously to an email address, which was ...
- Patriot Mobile Suffers Data Breach Impacting Subscriber’s Personal Data
May 21, 2024
U.S. mobile service provider Patriot Mobile fell victim to a security incident resulting in the leak of subscriber details including names, email addresses, zip codes, and account PINs, as reported by TechCrunch. The operator, Patriot Mobile, which boasts itself as a “Christian conservative wireless provider” with an estimated customer base under 100,000, has been seen endorsing ...
- 23-year-old man accused of running $100 million online narcotics marketplace
May 21, 2024
Federal authorities have arrested a 23-year-old Taiwanese national and charged him with running an online market that sold $100 million worth of illicit narcotics, including fentanyl, cocaine, methamphetamine, heroin, LSD, and ketamine. The authorities said that for almost four years, Rui-Siang Lin operated and owned the Incognito Market, an online marketplace on the dark web that ...
- Western Sydney University staff, students caught in cyber attack
May 21, 2024
About 7500 staff and students have been caught up in a massive cyber attack at Western Sydney University. Police are investigating the breach, which the university says dates as far back as May 2023, when an unauthorised party got into the Microsoft Office system and accessed email accounts and SharePoint files. WSU says they have not ...
- Deepfake video conference sees criminals escape with US$25 million
May 20, 2024
In February, a multinational company’s finance team member in Hong Kong made headlines after he transmitted HK$200 million (US$25 million) to cybercriminals who pretended to be the chief financial officer and other colleagues, using deepfake technology, in what the worker thought was a legitimate video conference. Now it’s been revealed that it was UK engineering group ...
- Medusa announced attack on John R. Wood Christie’s International Real Estate group
May 20, 2024
No patron information was compromised in a recent ransomware attack against John R. Wood Christie’s International Real Estate by a cyber gang known as Medusa, according to the company. Medusa announced the attack on its site, claiming it had stolen more than 1 terabyte of Wood data. The gang demanded $2 million from the real estate ...