Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware


Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.

Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • Russia, China, warn US its cyber support of Ukraine has consequences

    June 10, 2022

    Russia and China have each warned the United States that the offensive cyber-ops it ran to support Ukraine were acts of aggression that invite reprisal. The US has acknowledged it assisted Ukraine to shore up its cyber defences, conducted information operations, and took offensive actions during Russia’s illegal invasion. While many nations occasionally mention they possess offensive ...

  • Hackers Can Steal Your Tesla by Creating Their Own Personal Keys

    June 9, 2022

    Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, a researcher has shown how the feature can be exploited to steal cars. For years, drivers who used their Tesla NFC key card to unlock their cars had to place the card on the ...

  • LockBit 2.0: How This RaaS Operates and How to Protect Against It

    June 9, 2022

    LockBit 2.0 is ransomware as a service (RaaS) that first emerged in June 2021 as an upgrade to its predecessor LockBit (aka ABCD Ransomware), which was first observed in September 2019. Since its inception, the LockBit 2.0 RaaS attracted affiliates via recruitment campaigns in underground forums, and thus became particularly prolific during the third quarter of ...

  • CISA Adds Three Known Exploited Vulnerabilities to Catalog  

    June 9, 2022

    CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the ...

  • New Linux malware is ‘almost impossible’ to detect

    June 9, 2022

    A joint research effort has led to the discovery of Symbiote, a new form of Linux malware that is “almost impossible” to detect. On Thursday, researchers from BlackBerry Threat Research & Intelligence team, together with Intezer security researcher Joakim Kennedy, published a blog post on the malware – dubbed Symbiote because of its “parasitic nature.” The team ...

  • Facebook phishing campaign nets millions in IDs and cash

    June 9, 2022

    An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it’s only getting bigger. Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly ...