Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Malicious campaigns target government, military and civilian entities in Ukraine, Poland
July 13, 2023
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. Cisco Talos judge that these operations are very likely aimed at stealing information and gaining persistent remote access. The activity Cisco Talos analyzed occurred as early as April 2022 and as recently as earlier ...
- Commerce Secretary Gina Raimondo’s emails hacked in Microsoft cyber breach
July 13, 2023
Commerce Secretary Gina Raimondo’s emails were hacked as part of the Microsoft cyber breach, according to a source familiar with the investigation. Microsoft’s Outlook systems were breached by Chinese hackers, according to the company. The breach was discovered in May. Read more… Source: ABC News
- Utility cyber threats on the rise, but experts say don’t forget basics
July 12, 2023
“There’s an increase in threat actors targeting critical infrastructure,” said Katell Thielemann, a Gartner research analyst focused on risk and security for cyber-physical systems. “And there’s an enhanced sensitivity that threat actors are probing infrastructure.” Since 2021, the U.S. Department of Energy’s annual summary of electric disturbance events shows an uptick in cyber activity. And cyber ...
- Major security flaws in popular Quickblox chat and video framework expose sensitive data of millions
July 12, 2023
Real-time chat and video services available within telemedicine, finance, and smart IoT device applications used by millions of people, rely on the popular QuickBlox framework. QuickBlox supplies mobile and web application developers with a SDK and APIs to deliver not only user management, real-time public and private chat features, for example, but also security features ...
- Hunting for A New Stealthy Universal Rootkit Loader
July 11, 2023
In one of their recent threat hunting investigations, Trend Micro researchers came across an interesting new threat activity cluster that we initially thought was a false positive detection for a Microsoft signed file. However, this turned out to be a novel piece of a signed rootkit that communicates with a large command-and-control (C&C) infrastructure for an ...
- Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes
July 11, 2023
Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver has been active since at least 2021. RedDriver utilizes HookSignTool to forge its signature timestamp to bypass Windows driver-signing policies. Read more… Source: Talos

