Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- SolarWinds hack analysis reveals 56% boost in command server footprint
April 22, 2021
A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed. The catastrophic SolarWinds security incident involved the compromise of the vendor’s network and later the deployment of malicious SolarWinds Orion updates to clients that contained a backdoor called Sunburst. Sunspot, designed to monitor the SolarWinds build ...
- Prometei botnet is hunting for unpatched Microsoft Exchange servers
April 22, 2021
Cyber criminals are trying to use vulnerabilities in Microsoft Exchange servers to add to their botnet for mining cryptocurrency – but the level of access they’re gaining means they could use their access for other, much more dangerous cyberattacks. Detailed by cybersecurity researchers at Cybereason, the Prometei botnet is a widespread global campaign that is targeting ...
- CVE-2020-24557 Trend Micro bug is being exploited in the wild
April 22, 2021
US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks. The vulnerability, tracked as CVE-2020-24557, affects the company’s Apex One and OfficeScan XG, two advanced security products aimed at enterprise customers. The bug was discovered ...
- Malware and ransomware gangs have found this new way to cover their tracks
April 22, 2021
Theres’s been a huge uptick in the proportion of malware using TLS or the Transport Layer Security to communicate without being spotted, cybersecurity firm Sophos reports. While HTTPS helps prevent eavesdropping, man-in-the-middle attacks, and hijackers who try to impersonate a trusted website, the protocol has also offered cover for cybercriminals to privately share information between a ...
- Tor-Based Botnet Malware Targets Linux Systems, Abuses Cloud Management Tools
April 22, 2021
The rise of threats that target Linux has dispelled the myth that there is no malware that goes after the ubiquitous operating system. As Linux attracts more attention from malicious actors, we have also started seeing threats evolving — abusing services like Ngrok and using functions to hunt and kill other competing malware. Most of the ...
- Novel Email-Based Campaign Targets Bloomberg Clients with RATs
April 21, 2021
A new email-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services. Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan,” and asserting it is likely the work of one actor from an Arabic-speaking country. Researchers ...