Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- New CloudMensis malware backdoors Macs to steal victims’ data
July 19, 2022
Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks. ESET researchers first spotted the new malware in April 2022 and named it CloudMensis because it uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control (C2) communication. CloudMensis’ capabilities clearly show that ...
- Roaming Mantis hits Android and iOS users in malware, phishing attacks
July 19, 2022
After hitting Germany, Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices. Roaming Mantis is believed to be a financially-motivated threat actor that started targeting European users in February. In a recently observed campaign, the threat actor ...
- Botnet malware disguises itself as password cracker for industrial controllers
July 18, 2022
Industrial engineers and operators are being lured into running backdoor malware disguised as tools for recovering access to work systems. These programs offer to crack passwords for specific programmable logic controllers, according to security shop Dragos this month. According to their online ads, the cracking tools can help unlock products from more than a dozen electronics manufacturing ...
- Hackers pose as journalists to breach news media org’s networks
July 16, 2022
Researchers following the activities of advanced persistent (APT) threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. The adversaries are either masquerading or attacking these targets because they have unique access to non-public information that could help expand a cyberespionage operation. Recent ...
- Meet Mantis – the tiny shrimp that launched 3,000 DDoS attacks
July 15, 2022
The botnet behind the largest-ever HTTPS-based distributed-denial-of-service (DDoS) attack has been named after a tiny shrimp. Cloudflare said it thwarted the 26 million request per second (rps) attack last month, and we’re told the biz has been tracking the botnet ever since. Now, the internet infrastructure company has given the botnet a name — Mantis — ...
- Attackers scan 1.6 million WordPress sites for vulnerable plugin
July 15, 2022
Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication. The attackers are targeting the Kaswara Modern WPBakery Page Builder, which has been abandoned by its author before receiving a patch for a critical severity flaw tracked as ...

