Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong
August 22, 2023
A previously unknown advanced persistent threat (APT) group used the legitimate Cobra DocGuard software to carry out a supply chain attack with the goal of deploying the Korplug backdoor (aka PlugX) onto victim computers. In the course of this attack, the attackers used malware signed with a legitimate Microsoft certificate. Most of the victims in this ...
- CISA Releases Four Industrial Control Systems Advisories
August 22, 2023
CISA released four Industrial Control Systems (ICS) advisories on August 22, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-234-01 Hitachi Energy AFF66x ICSA-23-234-02 Trane Thermostats Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Japanese watchmaker Seiko struck by BlackCat/ALPHV ransomware attack
August 21, 2023
Japanese watchmaker Seiko Group Corp. has been struck by a ransomware attack, with the BlackCat/ALPHV ransomware gang claiming responsibility. The attack, officially described as a data breach, was disclosed by Seiko on Aug. 10 and is said to have taken place on July 28. According to Seiko, an unidentified party or parties gained unauthorized access to ...
- Cyber attack on Aussie energy services firm may hit UK CNI
August 21, 2023
Operators of critical utility infrastructure across the UK may have been affected by a developing cyber attack on the systems of Energy One, an Australia-based supplier of software and services for the energy sector. The ongoing incident was disclosed via a statement to the Australian Securities Exchange (ASX) on the morning of Monday 21 August (Sunday ...
- Northern Ireland: Man arrested on suspicion of terror offence linked to PSNI data breach released
August 17, 2023
A man arrested by detectives investigating criminality linked to last week’s major PSNI data breach has been released on bail to allow for further police enquiries. The 39-year-old man had been detained following a search in Lurgan, Co Armagh on Wednesday. He had been questioned on suspicion of collection of information likely to be of use ...
- Threat Actors are Interested in Generative AI, but Use Remains Limited
August 17, 2023
Since at least 2019, Mandiant has tracked threat actor interest in, and use of, AI capabilities to facilitate a variety of malicious activity. Based on Mandiant own observations and open source accounts, adoption of AI in intrusion operations remains limited and primarily related to social engineering. In contrast, information operations actors of diverse motivations and capabilities ...

