Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Gun owners’ fears after Guntrader.uk data breach
July 23, 2021
Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a “security breach”. Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner’s Office. Police, including the National Crime Agency, are investigating. Read ...
- Updated XCSSET Malware Targets Telegram, Other Apps
July 22, 2021
In the last update on the XCSSET campaign, security researchers at Trend Micro updated some of its features targeting latest macOS 11 (Big Sur). Since then, the campaign added more features to its toolset, which we have continually monitored. We have also discovered the mechanism used to steal information from various apps, a behavior that ...
- Industrial Networks Exposed Through Cloud-Based Operational Tech
July 22, 2021
The benefits of using a cloud-based management platform to monitor and configure industrial control systems (ICS) devices are obvious — efficiency, cost-savings and better diagnostics just for starters. But new research found critical vulnerabilities in these platforms that could be used to paralyze operations if left unmitigated. An analysis by Claroty’s newly branded Team82 research team ...
- Kaseya obtains universal decryptor for REvil ransomware victims
July 22, 2021
Kaseya received a universal decryptor that allows victims of the July 2nd REvil ransomware attack to recover their files for free. On July 2nd, the REvil ransomware operation launched a massive attack by exploiting a zero-day vulnerability in the Kaseya VSA remote management application to encrypt approximately sixty managed service providers and an estimated 1,500 businesses. Read ...
- Attacks on critical infrastructure are dangerous. Soon they could turn deadly, warn analysts
July 22, 2021
Tech analyst firm Gartner reckons that hackers will have turned computer systems into weapons to the point that they could injure or kill humans by 2025, and that beyond the human tragedy it will cost businesses $50 billion to remediate across IT systems, litigation and compensation. Past malware attacks, such as Stuxnet, which is believed to ...
- NPM Package Steals Passwords via Chrome’s Account-Recovery Tool
July 21, 2021
A credentials-stealing code bomb that uses legitimate password-recovery tools in Google’s Chrome web browser was found lurking in the npm open-source code repository, waiting to be planted within the sprawling galaxy of apps that pull code from that source. Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also ...