Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Brazil’s court system under massive RansomExx ransomware attack
November 5, 2020
Brazil’s Superior Court of Justice was hit by a ransomware attack on Tuesday during judgment sessions that were taking place over video conference. “The Superior Court of Justice (STJ) announces that the court’s information technology network suffered a hacker attack on Tuesday (3), during the afternoon, when the six group classes’ judgment sessions took place,” STJ ...
- Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
November 5, 2020
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept (PoC) exploit code has been released, opening ...
- Attacks on industrial enterprises using RMS and TeamViewer: new data
November 5, 2020
In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. We reported these attacks in 2018 in an article entitled “Attacks on industrial enterprises using RMS ...
- New APT hacking group leverages ‘KilllSomeOne’ DLL side-loading
November 5, 2020
A new, Chinese advanced persistent threat (APT) group making the rounds performs DLL side-loading attacks including the phrase “KilllSomeOne.” According to Sophos researcher Gabor Szappanos, the group — suspected to be of Chinese origin — is targeting corporate organizations in Myanmar using poorly-written English messages relating to political subjects. Side-loading utilizes DLL spoofing to abuse legitimate Windows ...
- QBot phishing lures victims using US election interference emails
November 4, 2020
The Qbot botnet is now spewing U.S. election-themed phishing emails used to infect victims with malicious payloads designed to harvest user data and emails for use in future campaigns. Qbot (aka Qakbot, Pinkslipbot, and Quakbot) is a banking trojan with worm features actively used since at least 2009 to steal financial data and ...
- As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor
November 4, 2020
As the developers of the Maze ransomware announce their exit from the malware scene, clients are now thought to be turning to Egregor as a substitute. The Maze group has been a devastating force for companies that have fallen victim to the cybercriminals over the past year. What has separated Maze in the past from many other ...