Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Hackers hijacking WhatsApp accounts without any need to crack the authentication
December 21, 2025
Security researchers are warning WhatsApp users about a growing account hijacking technique that does not rely on breaking passwords or bypassing encryption. Attackers exploit WhatsApp’s legitimate device-linking feature to quietly attach their own browser to a victim’s account. Once linked, the attacker can read messages in real time, download shared media, and send messages that appear ...
- Data breach exposes 400,000 bank customers’ information
December 20, 2025
A major data breach tied to U.S. fintech firm Marquis is rippling through banks, credit unions and their customers. Hackers broke into Marquis systems by exploiting a known but unpatched vulnerability in a SonicWall firewall, gaining access to deeply sensitive consumer data. At least 400,000 people are confirmed to be affected so far across multiple states. ...
- U.S. DOJ: Ukrainian National Pleads Guilty to Conspiracy to Use Ransomware
December 19, 2025
Earlier today, in federal court in Brooklyn, Artem Stryzhak pleaded guilty to conspiracy to commit fraud and related activity, including extortion, in connection with computers, for his role in a series of international ransomware attacks. Stryzhak, a Ukrainian citizen, was arrested in Spain in June 2024 and extradited to the United States on April 30, ...
- Cisco email security products actively targeted in zero-day campaign
December 19, 2025
A China-affiliated threat actor has been abusing a zero-day vulnerability in multiple Cisco email appliances to gain access to the underlying system and establish persistence. Cisco confirmed the news in a blog post and a security advisory, urging users to apply provided recommendations and harden their networks. In its announcement, Cisco said it first spotted the ...
- Thailand says Cambodia border fight is also a war on scammers
December 19, 2025
Thailand’s army has recast its deadly clash with Cambodia as a battle against cybercriminals, adding a new motive for bombing runs across the border that it says are aimed at rooting out scammers. Calling the strikes a “war against the scam army,” a military division involved in the border fight said this week it’s on the ...
- Cloud Atlas activity in the first half of 2025: what changed
December 19, 2025
Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and execute malicious code. In this report, Kaspersky researchers describe the infection chain and tools that the ...