Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Attack Surface Management 2022 Midyear Review – Part 3
November 3, 2022
With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, Trend Micro researchers discussed these issues at length today as well as their implications on a global scale for both businesses large (and small). In the last and final part of the series, Trend Micro researchers talk ...
- Gregor Samsa: Exploiting Java’s XML Signature Verification
November 2, 2022
XML Signatures are a typical example of a security protocol invented in the early 2000’s. They suffer from high complexity, a large attack surface and a wealth of configurable features that can weaken or break its security guarantees in surprising ways. Modern usage of XML signatures is mostly restricted to somewhat obscure protocols and legacy ...
- US Treasury thwarts DDoS attack from Russian Killnet group
November 2, 2022
The US Treasury Department has thwarted a distributed denial of service (DDoS) attack that officials attributed to Russian hacktivist group Killnet. These are the same pro-Kremlin miscreants that claimed responsibility for knocking more than a dozen US airports’ websites offline on October 10 in similar network-traffic flooding incidents. The large-scale DDoS attack didn’t disrupt air travel ...
- Server-side attacks, C&C in public cloud services
November 2, 2022
This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. Kaspersky researchers hope that learning about the attacks that took place in the wild helps you to stay up to date on the modern ...
- Emotet botnet starts blasting malware again after 5 month break
November 2, 2022
The Emotet malware operation is again spamming malicious emails after almost a five-month “vacation” that saw little activity from the notorious cybercrime operation. Emotet is a malware infection distributed through phishing campaigns containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL will be downloaded and loaded into memory. Once ...
- Ransomware cost US banks $1.2 billion last year
November 2, 2022
Banks in the US paid out nearly $1.2 billion in 2021 as a result of ransomware attacks, a marked rise over the year before though it may simply be due to more financial institutions being asked to report incidents. The figures come from the most recent Financial Trend Analysis report on ransomware from the US ...

