Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Leicester street lights stuck on all day due to cyber attack
April 22, 2024
A cyber attack targeting Leicester City Council has led to some street lights being stuck on all day. The attack crippled the authority’s services seven weeks ago and led to confidential documents being published online by the hackers, including rent statements and applications to buy council houses. Read more… Source: MSN News Sign up for our Newsletter Related:
- Singapore: Personal information of parents, staff at 127 schools accessed in data security breach
April 20, 2024
A data breach at one of its vendors has resulted in the “unauthorised access” of names and email addresses of parents and staff from five primary and 122 secondary schools, the Ministry of Education (MOE) said on Friday (Apr 19). MOE said it was notified by Mobile Guardian that its user management portal had been breached ...
- More ways Israel could strike Iran, from cyber attacks to assassinations
April 20, 2024
For years, the two countries in the Middle East targeted each other’s military and intelligence sites in cyber attacks. The best known, from Israel’s side, was Stuxnet – reportedly developed jointly by the U.S. and Israel — that struck the computer system of the Natanz nuclear site, an underground facility in central Iran. The New York ...
- Overflowing Water Tank Linked to Russian Cyber Attack
April 19, 2024
A water tank in Texas overflowed after a cyber attack in January, and a new report is linking the incident to hackers backed by the Russian government. On Jan. 18, city officials in Muleshoe were alerted to an overflowing water tank. When they checked it out, they learned that a software hack had caused a system ...
- The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider
April 18, 2024
In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK. The popularity of the platform meant that at the time of the ...
- DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
April 18, 2024
In February 2024, Kaspersky researchers discovered a new malware campaign targeting government entities in the Middle East. They dubbed it “DuneQuixote”; and their investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions – regular droppers and tampered installer files for a legitimate tool named “Total Commander”, ...