Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
January 24, 2022
While monitoring of the LockBit ransomware’s intrusion set, Trend Micro researchers found an announcement for LockBit Linux-ESXi Locker version 1.0 on October 2021 in the underground forum “RAMP,” where potential affiliates can find it. This signifies the LockBit ransomware group’s efforts to expand its targets to Linux hosts. Since October, we have been seeing samples ...
- Malicious PowerPoint files used to push remote access trojans
January 24, 2022
Since December 2021, a growing trend in phishing campaigns has emerged that uses malicious PowerPoint documents to distribute various types of malware, including remote access and information-stealing trojans. According to a report by Netskope’s Threat Labs shared with Bleeping Computer before publication, the actors are using PowerPoint files combined with legitimate cloud services that host the ...
- CISA adds 17 vulnerabilities to list of bugs exploited in attacks
January 22, 2022
This week, the Cybersecurity and Infrastructure Security Agency (CISA) added seventeen actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog. The ‘Known Exploited Vulnerabilities Catalog’ is a list of vulnerabilities that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies. “Binding Operational Directive ...
- McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
January 21, 2022
McAfee has patched two high-severity vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges, including up to SYSTEM. According to McAfee’s bulletin, the bugs are in versions prior to 5.7.5 of McAfee Agent, which is used in McAfee Endpoint Security, among other McAfee products. The Agent is the piece of ...
- New MoonBounce UEFI malware used by APT41 in targeted attacks
January 20, 2022
Security analysts have discovered and linked MoonBounce, “the most advanced” UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group (also known as Winnti). APT41 is a notorious hacking group that has been active for at least a decade and is primarily known for its stealthy cyber-espionage operations against high-profile organizations ...
- Indonesia c.bank says ransomware attack did not impact services
January 20, 2022
Indonesia’s central bank said on Thursday that it had been attacked last month by ransomware, but the risk from the attack had been mitigated and did not affect its public services. “We were attacked, but so far so good as we took anticipatory measures and most importantly public services at Bank Indonesia were not disrupted at ...