Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- SOVA, Worryingly Sophisticated Android Trojan, Takes Flight
September 10, 2021
A new Android banking trojan named SOVA (“owl” in Russian) is under active development, researchers said, and it has big dreams even in its infancy stage. The malware is looking to incorporate distributed denial of service (DDoS), man in the middle (MiTM) and ransomware functionality into its arsenal – on top of existing banking overlay, ...
- Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
September 9, 2021
Microsoft has disclosed the existence of a new zero-day vulnerability that affects multiple versions of Windows. This vulnerability (designated as CVE-2021-40444) is currently delivered via malicious Office 365 documents and requires user input to open the file to trigger. It should be noted that by default, Office documents downloaded from the internet are opened either ...
- Hackers leak passwords for 500,000 Fortinet VPN accounts
September 8, 2021
A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. While the threat actor states that the exploited Fortinet vulnerability has since been patched, they claim that many VPN credentials are still valid. This leak is a serious incident as the VPN ...
- AT&T Alien Labs warns of ‘zero or low detection’ for TeamTNT’s latest malware bundle
September 8, 2021
AT&T’s Alien Labs security division has sounded the alarm on a malware campaign from TeamTNT which, it claims, has gone almost entirely undetected by anti-virus systems – and which is turning target devices into cryptocurrency miners. Described by Alien Labs researcher Ofer Caspi as “one of the most active threat groups since 2020,” TeamTNT is known ...
- Russia’s Yandex suffers biggest cyberattack yet
September 8, 2021
Russian Internet corporation Yandex revealed on Tuesday that the company’s servers experienced the biggest known denial-of-service (DDoS) attack in Russia’s online space last weekend. Cloudflare, an American web infrastructure firm and a partner of Yandex confirmed the record large scale of the cyberattack. The spokesperson for Russia’s tech giant mentioned that a part of the nation’s ...
- Ragnar Locker Gang Warns Victims Not to Call the FBI
September 7, 2021
All that the FBI/ransomware negotiators/investigators do is muck things up, so we’re going to publish your stuff if you call for help, the Ragnar Locker ransomware gang announced on its darknet data-leak site. In an announcement posted this week and seen by Bleeping Computer, the ransomware operators threatened to publish all the data of victimized organizations ...