Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- US Treasury links North Korean hacker group Lazarus to $600M Axie Infinity heist
April 14, 2022
The US Treasury Department on Thursday linked a notorious North Korean hacking group to a massive $600 million cyber breach last month. The connection was clear when the Treasury Department updated its sanctions listing for the hacking group, called Lazarus Group. The federal agency added a cryptocurrency address that was used to steal $600 million from ...
- Coordinated Vulnerability Disclosure policies in the EU
April 13, 2022
Vulnerability disclosure has become the focus of attention of cybersecurity experts engaged in strengthening the cybersecurity resilience of the European Union. The valid source of concern comes from the cybersecurity threats looming behind vulnerabilities, as demonstrated by the impact of the Log4Shell vulnerability. Security researchers and ethical hackers constantly scrutinise ICT systems – both open source ...
- Emotet modules and recent attacks
April 13, 2022
Emotet was first found in the wild in 2014. Back then its main functionality was stealing user banking credentials. Since then it has survived numerous transformations, started delivering other malware and finally became a powerful botnet. In January 2021 Emotet was disrupted by a joint effort of different countries’ authorities. It took the threat actors ...
- Enemybot: a new Mirai, Gafgyt hybrid botnet joins the scene
April 13, 2022
A new botnet is targeting routers, Internet of Things (IoT) devices, and an array of server architectures. On April 12, cybersecurity researchers from FortiGuard Labs said the new distributed denial-of-service (DDoS) botnet, dubbed Enemybot, borrows modules from the infamous Mirai botnet’s source code, alongside Gafgyt’s. The Mirai botnet was responsible for a massive DDoS attack against Dyn ...
- INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
April 13, 2022
In early 2022, Mandiant, in partnership with Schneider Electric, analyzed a set of novel industrial control system (ICS)-oriented attack tools—which we call INCONTROLLER (aka PIPEDREAM)—built to target machine automation devices. The tools can interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries. While the targeting of any operational environments ...
- UK: Police anti-terror IT system was ‘not fit for purpose’ – former officer
April 13, 2022
A key intelligence database used by police to investigate extremists was “not fit for purpose” when introduced in 2014, a former counter-terrorism officer has told the BBC. The officer, who retired in 2018, says the National Common Intelligence Application (NCIA) had serious flaws. Counter Terrorism Policing says “substantial improvements” were made following a significant review after terror ...