Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Investigation launched into vulnerabilities found within US Judiciary case file system
January 8, 2021
The United States Judiciary has announced an audit into its systems, following concerns its case file system has been compromised. In making the announcement, the Judiciary said the Administrative Office of the US Courts was working with the Department of Homeland Security on a security audit relating to vulnerabilities in the Judiciary’s Case Management/Electronic Case Files ...
- Nissan NA source code leaked due to default admin:admin credentials
January 8, 2021
Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials. The entire collection is around 20 gigabytes large and contains source code for mobile apps and various tools used by Nissan internally for diagnostics, client acquisition, market research, or NissanConnect services. It is ...
- Nvidia releases security update for high-severity graphics driver vulnerabilities
January 8, 2021
Nvidia has released a round of security fixes tackling high-severity issues in the Nvidia GPU display driver and vGPU software. Released on Thursday, the technology giant said the patches deal with issues that “may lead to denial of service, escalation of privileges, data tampering, or information disclosure.” In total, Nvidia has resolved 16 vulnerabilities linked to the ...
- Adversary Infrastructure Report 2020: A Defender’s View
January 8, 2021
Recorded Future tracks the creation and modification of new malicious infrastructure for a multitude of post-exploitation toolkits, custom malware frameworks, and open-source remote access trojans. The effort has been ongoing since 2017, when Insikt Group created methodologies to identify the deployments of open-source remote access trojans (RATs). Recorded Future collected over 10,000 unique command and control ...
- TA551: Email Attack Campaign Switches from Valak to IcedID
January 7, 2021
TA551 (also known as Shathak) is an email-based malware distribution campaign that often targets English-speaking victims. The campaign discussed in this blog has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak. After mid-July 2020, this campaign has exclusively pushed IcedID malware, another information stealer. This ...
- FBI warns of Egregor ransomware extorting businesses worldwide
January 7, 2021
The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide. The FBI says in a TLP:WHITE Private Industry Notification (PIN) shared on Wednesday that Egregor claims to have already hit and compromised more than over 150 victims since ...