Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware


Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.

Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • Latest evolution of ‘pig butchering’ scam lures victim into fake mining scheme

    September 18, 2023

    Crypto fraud has become the dominant form of Internet-based confidence schemes over the past three years, as demonstrated by the sha zhu pan (“pig butchering”) scams Sophos researchers recently investigated. But one variant has been growing at a particularly rapid pace: fake “liquidity mining.” Sophos X-Ops has also seen growth in crypto phishing sites that connect ...

  • Microsoft AI researchers accidentally exposed terabytes of internal sensitive data

    September 18, 2023

    Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open source training data on GitHub. In research shared with TechCrunch, cloud security startup Wiz said it discovered a GitHub repository belonging to Microsoft’s AI research division as part of its ongoing work ...

  • CISA Adds Eight Known Exploited Vulnerabilities to Catalog

    September 18, 2023

    CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability CVE-2017-6884 Zyxel EMG2926 Routers Command Injection Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds One Known Vulnerability to Catalog  

  • HWL Ebsworth hack: 65 Australian government agencies affected by cyber-attack

    September 18, 2023

    Sixty-five Australian government departments and agencies were victims of the cyber-attack on legal firm HWL Ebsworth, the national cybersecurity coordinator has revealed. In a speech on Monday, Air Marshal Darren Goldie also revealed that some people and clients with personal information exposed in the hack have yet to be informed. The Russian-linked ALPHV/BlackCat ransomware group hacked the law ...

  • Kuwait’s finance ministry says cyberattack hit one of its systems

    September 18, 2023

    Kuwait’s finance ministry said on Monday that one of its systems had suffered a cyberattack in the early morning but that the ministry continued to work normally. The ministry said in a statement that protection systems and procedures had been activated and “the level of the hacking attempt is being assessed.” Read more… Source:  Alarabiya News  

  • Cyber attacks and dozy drivers: These are the future risks of self-driving cars

    September 17, 2023

    “A large cyber-terrorist attack targeting the operating systems of many self-driving vehicles simultaneously could cause mass casualties” – that is the alarming scenario presented by MPs after their investigation into autonomous cars on British roads. After a 15-month enquiry, the transport select committee has issued a hard-hitting report highlighting the hazards self-driving vehicles could create. Read more… Source: ...