Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Hackers use fake Windows error logs to hide malicious payload
June 19, 2020
Hackers have been using fake error logs to store ASCII characters disguised as hexadecimal values that decode to a malicious payload designed to prepare the ground for script-based attacks. The trick is part of a longer chain with intermediary PowerShell commands that ultimately delivers a script for reconnaissance purposes. MSP threat detection provider Huntress Labs discovered an attack scenario ...
- Australian PM says nation under serious state-run ‘cyber attack’ – Microsoft, Citrix, Telerik UI bugs ‘exploited’
June 19, 2020
Australian Prime Minister Scott Morrison has called a snap press conference to reveal that the nation is under cyber-attack by a state-based actor, but the nation’s infosec advice agency says that while the attacker has gained access to some systems it has not conducted “any disruptive or destructive activities within victim environments.” Morrison said the attack ...
- Forward-looking security analysis of smart factories [Part 4] – MES database compromises
June 18, 2020
If I had to describe the role of the MES (Manufacturing Execution System) in a single phrase, it would be “manufacturing playmaker.” As I mentioned in the previous column, the manufacturing process is divided into multiple layers, and the system performs a different role in each layer. The MES is at the top layer of the ...
- Why did this Bank of America phishing email bypass spam filters?
June 18, 2020
Threat actors trying to steal your credentials through phishing attackers is nothing new, and the number of campaigns has only been rising in recent times. Government estimates indicate that phishing is a multi-billion dollar industry, which is why cybersecurity companies exist that focus entirely on securing client’s inboxes from malicious email. Due to this, attackers continuously come up ...
- IcedID Banker is Back, Adding Steganography, COVID-19 Theme
June 18, 2020
A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity. Researchers at Juniper Threat Labs have uncovered an email spam campaign circulating in the ...
- InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership
June 18, 2020
The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat (APT) group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations in Ukraine and Russia. More recently, from late 2019 until at least this month, researchers ...