Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector
October 29, 2020
On Oct. 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) released a joint cybersecurity alert regarding an increased and imminent cybersecurity threat to the U.S. healthcare system. Threat operators have displayed a heightened interest in targeting the healthcare and the public ...
- Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
October 29, 2020
Domain parking services offer a simple solution for domain owners to monetize their sites’ traffic through third-party advertisements. While domain parking might appear harmless at first glance, parked domains pose significant threats, as they can redirect visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time. We have been detecting ...
- FBI warning: Trickbot and ransomware attackers plan big hit on US hospitals
October 29, 2020
US healthcare providers, already under pressure from the COVID-19 pandemic, have been put on high alert over Trickbot malware and ransomware targeting the sector. The warning over an “imminent cybercrime threat to US hospitals and healthcare providers” comes from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), ...
- Maze ransomware is shutting down its cybercrime operation
October 29, 2020
The Maze cybercrime gang is shutting down its operations after rising to become one of the most prominent players performing ransomware attacks. The Maze ransomware began operating in May 2019 but became more active in November. That’s when the media-savvy operation revolutionized ransomware attacks by introducing a double-extortion tactic. Read more… Source: Bleeping Computer
- North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn
October 28, 2020
The North Korean advanced persistent threat (APT) group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Kimsuky (a.k.a. Hidden Cobra) has been operating as a cyberespionage group since 2012 under the auspices of the regime in ...
- Trump Campaign Website Defaced by Cryptocurrency Scam
October 28, 2020
Hackers took over President Trump’s 2020 election campaign website late Tuesday, replacing parts of the site with a cryptocurrency scam before returning it to its original content several minutes later. Journalist Gabriel Lorenzo Greschler was the first to notice the attack while he was doing research for a climate-change article, he wrote in a tweet. The ...