Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware


Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.

Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams

    June 15, 2022

    LYON, France — A worldwide crackdown on social engineering fraud has seen scammers identified globally, substantial criminal assets seized and new investigative leads triggered in every continent. The two-month (8 March – 8 May 2022) Operation, codenamed First Light 2022, saw 76 countries take part in an international clampdown on the organized crime groups behind telecommunications ...

  • Malaysia-linked DragonForce hacktivists attack Indian targets

    June 15, 2022

    A Malaysia-linked hacktivist group has attacked targets in India, seemingly in reprisal for a representative of the ruling Bharatiya Janata Party (BJP) making remarks felt to be insulting to the prophet Muhammad. The BJP has ties to the Hindu Nationalist movement that promotes the idea India should be an exclusively Hindu nation. During a late May ...

  • A tiny botnet launched the largest DDoS attack on record

    June 15, 2022

    Web performance firm Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack last week that peaked at 26 million request per second (rps). It was caused by a small but powerful botnet of just 5,067 devices. This attack didn’t originate from compromised low-bandwidth Internet of Things devices like many other DDoS or junk ...

  • How much does access to corporate infrastructure cost?

    June 15, 2022

    Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an attack, but also for the data and services necessary to organize one (e.g., to ...

  • Microsoft fixes under-attack Windows zero-day Follina

    June 15, 2022

    Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild. Criminals and ...

  • CISA Adds One Known Exploited Vulnerability to Catalog 

    June 14, 2022

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date ...