Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
February 24, 2022
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have observed a group of Iranian government-sponsored advanced persistent threat (APT) actors, known as MuddyWater, conducting cyber espionage and other malicious cyber operations targeting ...
- Financial cyberthreats in 2021
February 23, 2022
The year 2021 was eventful in terms of digital threats for organizations and individuals, and financial institutions were no exception. Throughout the past year, we have seen cybercriminals continue to actively target our users with tools and techniques that emerged due to the pandemic. Imperfections in the transition to remote/hybrid work continue to pose a ...
- New phishing campaign targets Monzo online-banking customers
February 20, 2022
Users of Monzo, one of the UK’s most popular digital-only banking platforms, are being targeted by phishing messages supported by a growing network of malicious websites. Monzo is a 100% online banking platform with over four million customers and among the first to challenge the traditional financial managing system. The mobile-only platform offers a feature-rich app, debit ...
- CISA Insights: Foreign Influence Operations Targeting Critical Infrastructure
February 18, 2022
CISA has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical ...
- NCSC-NZ Releases Advisory on Cyber Threats Related to Russia-Ukraine Tensions
February 18, 2022
The New Zealand National Cyber Security Centre (NCSC-NZ) has released a General Security Advisory (GSA) on preparing for cyber threats relating to tensions between Russia and Ukraine. The advisory recommends organizations review their security posture and monitor for cyber incidents and provides additional resources to help protect against potential threats. CISA encourages all users to review ...
- Cybercrime: Dark web carding forum users are getting worried after a string of shutdowns
February 18, 2022
Cybercriminals are getting spooked by the sudden disappearance of a number of prominent dark web marketplaces, leading some to wonder if time is up on their illegal, underground activities. Cybersecurity researchers at Digital Shadows have analysed activity on carding forums – dark web marketplaces where criminals buy and sell stolen credit card information and other personal ...