Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- New RURansom Wiper Targets Russia
March 8, 2022
A conflict in cyberspace is unfolding parallel to the conflict between Russia and Ukraine on the ground. Cyberattacks are being lobbed against both Russian and Ukrainian sides, with a new wiper directed against Russia joining the fray. On March 1, a tweet from MalwareHunterTeam about a possible ransomware variant caught our attention and set our immediate ...
- Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments
March 8, 2022
UPDATE: The original post may not have provided full clarity that CVE-2021-44207 (USAHerds) had a patch developed by Acclaim Systems for applicable deployments on or around Nov. 15, 2021. Mandiant cannot speak to the affected builds, deployment, adoption, or other technical factors of this vulnerability patch beyond its availability. In May 2021 Mandiant responded to an APT41 intrusion ...
- Microsoft March 2022 Patch Tuesday: 71 vulnerabilities fixed
March 8, 2022
Microsoft has released 71 security fixes for software, including 41 patches for Microsoft Windows vulnerabilities, five vulnerabilities in Microsoft Office and two in Microsoft Exchange. Two of the vulnerabilities are rated critical — CVE-2022-22006 and CVE-2022-24501 — while the rest are rated important. In the Redmond giant’s latest round of patches, usually released on the second Tuesday ...
- FBI: RagnarLocker Ransomware Indicators of Compromise
March 7, 2022
The FBI first became aware of RagnarLocker in April 2020 and subsequently produced a FLASH to disseminate known indicators of compromise (IOCs) at that time. This FLASH provides updated and additional IOCs to supplement that report. As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by ...
- TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
March 7, 2022
Since 2020, Proofpoint researchers have observed TA416, an actor assessed to be aligned with the Chinese state, utilizing web bugs to profile their targets. Commonly referred to as tracking pixels, web bugs embed a hyperlinked non-visible object within the body of an email that, when enabled, will attempt to retrieve a benign image file from ...
- Deep dive: Vulnerabilities in ZTE router could lead to complete attacker control of the device
March 7, 2022
Cisco Talos’ vulnerability research team disclosed multiple vulnerabilities in the ZTE MF971R wireless hotspot and router in October. Several months removed from that disclosure and ZTE’s patch, researchers decided to take an even closer look at two of these vulnerabilities — CVE-2021-21748 and CVE-2021-21745 — to show how they could be chained together by an ...