Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware


Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.

Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • UAE: ChatGPT used to launch cyber and ransomware attacks, says head of cybersecurity

    June 7, 2023

    Cyber attackers are using ChatGPT to launch ransomware attacks, said a senior UAE government official on Wednesday. “The emerging trend at the start of the year is that ChatGPT is used in some of the ransomware and phishing attacks. We investigated this with our partners and the discovery is really clear that adversaries are using that ...

  • Thousands of Aer Lingus staff data stolen in ransomware attack

    June 7, 2023

    A Russia-linked ransomware gang responsible for a global cyber attack that has led to 5,000 Aer Lingus staff having their data stolen may have acquired enough information for identity theft, a leading cybercrime expert has warned. US company Progress Software revealed last week hackers had found a way to compromise the MOVEit Transfer software which is ...

  • Adversaries increasingly using vendor and contractor accounts to infiltrate networks

    June 6, 2023

    The software supply chain has become a key security focus for many organizations, but the risks associated with supply chain attacks are often misunderstood. High-profile incidents like those reported by 3CX and MSI routinely grab headlines, continuing a trajectory of big-name security events that involve one specific aspect of the supply chain – software. Successful software-focused ...

  • CISA Releases Two Industrial Control Systems Advisories

    June 6, 2023

    CISA released two Industrial Control Systems (ICS) advisories on June 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • Spanish Globalcaja bank confirms ransomware attack

    June 5, 2023

    A prominent Spanish bank has confirmed that it is dealing with a ransomware attack that has impacted multiple branches. On Friday, Globalcaja issued a statement assuring customers that the incident has not impacted its entities’ operations, and that electronic banking and ATM services are still functioning. Read more… Source: Computing News  

  • Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward

    June 5, 2023

    Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to ...