Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Second data-wiping malware found in Ukraine, says ESET
March 1, 2022
The disk-wiping malware that tore through at least hundreds of Ukrainian Windows systems at the start of Russia’s occupation wasn’t alone. Slovakian infosec firm ESET has found a second similar strain in Ukraine. “Malware artefacts suggest that the attacks had been planned for several months,” said the biz. Last week, as the Russian armed forces invaded ...
- Insurance giant AON hit by a cyberattack over the weekend
February 28, 2022
Professional services and insurance giant AON has suffered a cyberattack that impacted a “limited” number of systems. AON is a multinational professional services firm offering a wide array of solutions, including business insurance, reinsurance, cybersecurity consulting, risk solutions, healthcare insurance, and wealth management products. AON generated $12.2 billion of revenue in 2021 and has approximately 50,000 employees ...
- Manufacturing is the most targeted sector by ransomware in Brazil
February 28, 2022
According to a report published by IBM on security threats in Latin America, companies from the manufacturing sector are feeling the greatest impact of attacks orchestrated by ransomware gangs. Ransomware, corporate email compromise, and credential harvesting together brought bring sector companies to a standstill in Latin America in 2021, further straining supply chains, the X-Force Threat ...
- Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
February 28, 2022
New research by the Symantec Threat Hunter team, part of Broadcom Software, has uncovered a highly sophisticated piece of malware being used by China-linked threat actors, exhibiting technical complexity previously unseen by such actors. The malware appears to be used in a long-running espionage campaign against select governments and other critical infrastructure targets. There is strong ...
- Toyota supplier reports cyberattack that halts production across Japan
February 28, 2022
Toyota has shut down production at 14 of its plants in Japan after a supplier reported a cyberattack, according to a statement provided to Reuters and the Associated Press. Toyota did not respond to multiple requests for comment but said the outages were the result of a “supplier system failure.” Kojima Industries Corp, one of the ...
- Microsoft finds FoxBlade malware on Ukrainian systems, removes RT from Windows app store
February 28, 2022
Microsoft says it found a new malware package — which it calls “FoxBlade” — hours before Russia began its invasion of Ukraine on February 24. In a blog post, Microsoft president Brad Smith said it was coordinating its efforts to protect users in Ukraine with the Ukrainian government, the European Union, European nations, the US government, ...