Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware


Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.

Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • Medibank now says hackers accessed all its customers’ personal data

    October 27, 2022

    Australian insurance firm Medibank has confirmed that hackers accessed all of its customers’ personal data and a large amount of health claims data during a recent ransomware attack. In an announcement published today, the companies warned that an internal investigation into the attack has shown that the threat actors had far greater access to customer data ...

  • Feds accuse Ukrainian of renting out PC-raiding Raccoon malware to fiends

    October 26, 2022

    Mark Sokolovsky, 26, a Ukrainian national, is being held in the Netherlands while he awaits extradition to America on cybercrime charges, the US Justice Department said on Tuesday. Sokolovsky, said to have used the online names Photix, Raccoon Stealer, and black21jack77777, was indicted on November 2, 2021 by a federal grand jury for his alleged role ...

  • Insider Threat: The Dangers Within

    October 25, 2022

    Mandiant has adopted the Cyber and Infrastructure Security Agency (CISA) definition of insider, which states, “An insider is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems.” An insider threat is then the “potential for that insider to use their authorized access ...

  • Hive claims ransomware attack on Tata Power, begins leaking data

    October 25, 2022

    Hive ransomware group has claimed responsibility for a cyber attack disclosed by Tata Power this month. A subsidiary of the multinational conglomerate Tata Group, Tata Power is India’s largest integrated power company based in Mumbai. In screenshots seen by BleepingComputer, Hive operators have posted data they claim to have stolen from Tata Power, indicating that the ransom ...

  • CISA Adds Six Known Exploited Vulnerabilities to Catalog

    October 24, 2022

    CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added ...

  • Apple fixes new zero-day used in attacks against iPhones, iPads

    October 24, 2022

    In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. Apple revealed in an advisory today that it’s aware of reports saying the security flaw “may have been actively exploited.” The bug (CVE-2022-42827) is an out-of-bounds write issue reported to Apple by an ...