Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Graphican: Flea uses new backdoor in attacks targeting Foreign Ministries
June 21, 2023
The Flea (aka APT15, Nickel) advanced persistent threat (APT) group continued to focus on foreign ministries in a recent attack campaign that ran from late 2022 into early 2023 in which it leveraged a new backdoor called Backdoor.Graphican. This campaign was primarily focused on foreign affairs ministries in the Americas, although the group also targeted a ...
- Dissecting TriangleDB, a Triangulation spyware implant
June 21, 2023
Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits. Due to this granularity, discovering one exploit in the chain often does not result in retrieving the rest ...
- Microsoft Azure and Outlook outages were caused by DDoS attacks
June 19, 2023
Microsoft has confirmed that outages to its Azure and Outlook services were caused by DDoS attacks, which the company puts down to the threat actor that it tracks as Storm-1359. This follows the tech giant’s new nomenclature for threats, whereby Storm denotes a group that is in development. Otherwise known as Anonymous Sudan, it is said ...
- Whitehall wide open to cyber-attack, warn campaigners
June 18, 2023
Government departments responsible for running health and social care, and for collecting taxes, are using outdated software that leaves them wide open to cyber-attacks, according to a disturbing new investigation. The use of “legacy” servers and databases has been uncovered through freedom of information (FoI) requests from the low-tax pressure group the TaxPayers’ Alliance. It has ...
- Understanding Malware-as-a-Service
June 15, 2023
Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercriminal community. The Malware-as-a-Service (MaaS) business model emerged as a result of ...
- Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
June 15, 2023
Starting as early as October 10, 2022, UNC4841 sent emails to victim organizations that contained malicious file attachments designed to exploit CVE-2023-2868 to gain initial access to vulnerable Barracuda ESG appliances. Over the course of their campaign, UNC4841 has primarily relied upon three principal code families to establish and maintain a presence on an ESG appliance, ...

