Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Thailand feels the force of cyber-attacks
August 1, 2023
The average number of cyber-attacks on organisations in Thailand was almost double the average rate globally and slightly higher than the average within Southeast Asia over the past six months, according to Check Point Research. Thai organisations were attacked 2,388 times per week on average during the last six months, compared with 2,375 attacks per week ...
- Google AMP – The Newest of Evasive Phishing Tactic
August 1, 2023
A new phishing tactic utilizing Google Accelerated Mobile Pages (AMP) has hit the threat landscape and proven to be very successful at reaching intended targets. Google AMP is an open-source HTML framework used to build websites that are optimized for both browser and mobile use. The websites that Cofense researches observed in these campaigns are hosted ...
- Out of the Sandbox: WikiLoader Digs Sophisticated Evasion
July 31, 2023
Proofpoint researchers identified a new malware we call WikiLoader. It was first identified in December 2022 being delivered by TA544, an actor that typically uses Ursnif malware to target Italian organizations. Proofpoint observed multiple subsequent campaigns, the majority of which targeted Italian organizations. WikiLoader is a sophisticated downloader with the objective of installing a second malware ...
- Malawi: Macra Warns Public to Be On High Alert Against Heightened Cyber Attacks in Comesa Region
July 30, 2023
Malawi Computer Response Team (mwCERT) of the Malawi Communications Regulatory Authority (MACRA) announces of recent cyber-attacks that have targeted several countries in the COMESA region, resulting in severe disruptions to critical information infrastructure, across various sectors. In a statement, MACRA Director General, Daud Suleman says “these online attacks have the potential to affect anyone due to ...
- US officials search for hidden Chinese malware that could affect military operations
July 29, 2023
US officials are searching for Chinese malware hidden in various defense systems that could disrupt military communications and resupply operations, The New York Times reported Saturday. The administration believes malicious computer code has been hidden inside “networks controlling power grids, communications systems and water supplies that feed military bases,” officials told the Times. Read more… Source: CNN News
- CISA Releases Malware Analysis Reports on Barracuda Backdoors
July 28, 2023
CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited ...

