Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware


Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.

Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • Ransomware attack exposes data of 500,000 Chicago students

    May 21, 2022

    The Chicago Public Schools has suffered a massive data breach that exposed the data of almost 500,000 students and 60,000 employee after their vendor, Battelle for Kids, suffered a ransomware attack in December. Ohio-based Battelle for Kids is a not-for-profit educational organization that analyzes student data shared by public school systems to design instructional models and ...

  • China-linked Twisted Panda caught spying on Russian defense R&D

    May 20, 2022

    Chinese cyberspies targeted two Russian defense institutes and possibly another research facility in Belarus, according to Check Point Research. The new campaign, dubbed Twisted Panda, is part of a larger, state-sponsored espionage operation that has been ongoing for several months, if not nearly a year, according to the security shop. In a technical analysis, the researchers detail ...

  • Canada to ban Huawei and ZTE and tell telcos to rip out 5G and 4G equipment

    May 20, 2022

    Following the steps of its Five Eyes partners, Canada has moved to ban Huawei and ZTE from its telco networks. “The government of Canada is ensuring the long term safety of our telecommunications infrastructure. As part of that, the government intends to prohibit the inclusion of Huawei and ZTE products and services in Canada’s telecommunications systems,” ...

  • Global food supply chain at risk from malicious hackers

    May 20, 2022

    Modern “smart” farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk, experts are warning. It is feared hackers could exploit flaws in agricultural hardware used to plant and harvest crops. Agricultural manufacturing giant John Deere says it is now working to fix any weak spots in its software. Read more… Source: BBC News  

  • Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

    May 19, 2022

    In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based encryption for its communications. XorDdos depicts the trend of malware ...

  • Bruised but Not Broken: The Resurgence of the Emotet Botnet Malware

    May 19, 2022

    The Emotet botnet malware is well known in the cybersecurity industry for its success in using spam emails to compromise machines and then selling access to these machines as part of its infamous malware-as-a-service (MaaS) scheme. Operators behind notorious threats such as the Trickbot trojan and the Ryuk or Conti ransomware are among the malicious ...