Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware


Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.

Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • FBI: Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons

    April 20, 2022

    The Federal Bureau of Investigation (FBI) is informing Food and Agriculture (FA) sector partners that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain. The FBI noted ransomware attacks during these seasons against six grain cooperatives during ...

  • Oracle’s quarterly Critical Patch Update arrives with 520 fixes

    April 20, 2022

    Enterprise software giant Oracle has released its April Critical Patch Update (CPU) advisory, which includes 520 fixes for security flaws. Critical Patch Updates are collections of security fixes for Oracle products, published quarterly. This update addresses security flaws in dozens of products with three bugs getting a severity rating of 10 out of a possible 10, ...

  • Okta: Lapsus$ breach lasted only 25 minutes, hit 2 customers

    April 20, 2022

    Identity and access management firm Okta says an investigation into the January Lapsus$ breach concluded the incident’s impact was significantly smaller than expected. Based on the final forensic report, Okta’s Chief Security Officer David Bradbury said the attacker only accessed the two active customer tenants after gaining control of a single workstation used by an engineer ...

  • FBI: BlackCat/ALPHV Ransomware Indicators of Compromise

    April 20, 2022

    This FLASH is part of a series of FBI reports to disseminate known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) associated with ransomware variants identified through FBI investigations. As of March 2022, BlackCat/ALPHV ransomware as a service (RaaS) had compromised at least 60 entities worldwide and is the first ransomware group to do ...

  • Ransomware gangs are getting a lot quicker at encrypting networks

    April 20, 2022

    A highly successful and aggressive ransomware gang is getting even faster at encrypting networks as they look to extort ransom payments from as many victims as possible. Researchers at Mandiant examined ransomware attacks by a cyber-criminal group they refer to as FIN12 – responsible for one in five attacks investigated by the cybersecurity company – and ...

  • Five Eyes nations fear wave of Russian attacks against critical infrastructure

    April 20, 2022

    The Five Eyes nations’ cybersecurity agencies this week urged critical infrastructure to be ready for attacks by crews backed by or sympathetic to the Kremlin amid strong Western opposition to Russia’s invasion of Ukraine. The joint alert, issued by cybersecurity authorities in the US, UK, Australia, Canada and New Zealand, provides technical details on more than ...