Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Ukraine Cyberattack 2022: Geopolitical Cybersecurity
February 18, 2022
Europe is on a knife-edge. With over 130,000 Russian troops amassed on the Ukrainian border, the region is witnessing the biggest build-up of firepower since the cold war. Inevitably, there is also cyber-dimension to this conflict. Mounting attacks on Ukrainian websites and I.T. infrastructure are making policymakers in Washington and elsewhere nervous should tensions rise ...
- Microsoft Teams Targeted With Takeover Trojans
February 17, 2022
Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops malicious executable files in Teams conversations that, when clicked on, eventually take over the ...
- Hackers can crash Cisco Secure Email gateways using malicious emails
February 17, 2022
Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages. The security flaw (tracked as CVE-2022-20653) was found in DNS-based Authentication of Named Entities (DANE), a Cisco AsyncOS Software component used by Cisco Secure Email to check emails for spam, phishing, malware, and ...
- Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
February 16, 2022
From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of ...
- Red Cross: State hackers breached our network using Zoho bug
February 16, 2022
The International Committee of the Red Cross (ICRC) said today that the hack disclosed last month against its servers was a targeted attack likely coordinated by a state-backed hacking group. During the incident, the attackers gained access to the personal information (names, locations, and contact information) of over 515,000 people in the “Restoring Family Links” program ...
- ‘Ice phishing’ on the blockchain
February 16, 2022
The technologies that connect us are continually advancing, and while this brings tremendous new capabilities to users, it also opens new attack surfaces for adversaries and abusers. Social engineering represents a class of threats that has extended to virtually every technology that enables human connection. Our recent analysis of a phishing attack connected to the ...