Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Billions of Passwords Offered for $2 in Cyber-Underground
February 8, 2021
A “compilation of many breaches” – COMB for short – has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords. The trove is an aggregate database that brings together older stolen data from breaches past – including credentials from Netflix, LinkedIn, ...
- Fortinet fixes critical vulnerabilities in SSL VPN and web firewall
February 7, 2021
Fortinet has fixed multiple severe vulnerabilities impacting its products. The vulnerabilities range from Remote Code Execution (RCE) to SQL Injection, to Denial of Service (DoS) and impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products. Multiple advisories published by FortiGuard Labs this month and in January 2021 mention various critical vulnerabilities that Fortinet has ...
- Signal ignores proxy censorship vulnerability, bans researchers
February 7, 2021
Signal, an end-to-end encrypted messaging platform was recently blocked by the Iranian government. To help its users bypass censorship in Iran, the company suggested a TLS proxy workaround. However, multiple researchers have now discovered flaws in the workaround that can let a censor or government authority probe into Signal TLS proxies, rendering these protections moot and potentially ...
- Eletrobras, Copel energy companies hit by ransomware attacks
February 5, 2021
Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week. State-controlled, both are key players in the country. Copel being the largest in the state of Paraná while Eletrobras is the largest power utility company in Latin America ...
- Cisco warns of critical remote code execution flaws in its small business VPN routers
February 5, 2021
Cisco is warning customers using its small business routers to upgrade the firmware to fix flaws that could give remote attackers root level access to the devices. The critical flaws affect the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers. These were the models Cisco recommended customers using unsupported small business routers to ...
- Hacking group also used an IE zero-day against security researchers
February 4, 2021
An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. Last month, Google disclosed that the North Korean state-sponsored hacking group known as Lazarus was conducting social engineering attacks against security researchers. To perform their attacks, the threat actors created elaborate online ‘security researcher’ personas that would then ...