Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- New Avaddon Ransomware launches in massive smiley spam campaign
June 8, 2020
With a wink and a smile, the new Avaddon Ransomware has come alive in a massive spam campaign targeting users worldwide. Avaddon was launched at the beginning of this month and is actively recruiting hackers and malware distributors to spread the ransomware by any means possible. As its first known attack, the Avaddon Ransomware is being distributed in ...
- Hackers are targeting your smartphone as way into the company network
June 4, 2020
The number of phishing attacks targeting smartphones as the entry point for attempting to compromise enterprise networks has risen by more than a third over the course of just a few months. Analysis by cybersecurity company Lookout found that there’s been a 37% increase in mobile phishing attacks worldwide between the last three months of 2019 and the first ...
- Cisco’s warning: Critical flaw in IOS routers allows ‘complete system compromise’
June 4, 2020
Cisco has disclosed four critical security flaws affecting router equipment that uses its IOS XE and IOS software. The four critical flaws are part of Cisco’s June 3 semi-annual advisory bundle for IOS XE and IOS networking software, which includes 23 advisories describing 25 vulnerabilities. The 9.8 out of 10 severity bug, CVE-2020-3227, concerns the authorization controls for the ...
- Tycoon Ransomware Banks on Unusual Image File Tactic
June 4, 2020
A new ransomware strain called Tycoon is seeking to wheel and deal its way into the Windows and Linux worlds, using a little-known Java image format as part of its kill chain. The ransomware is housed in a trojanized version of the Java Runtime Environment (JRE), according to researchers at BlackBerry Cylance, and has been around ...
- U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked
June 4, 2020
A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information. The company, Westech International, has a range of contracts with the military for everything from ongoing evaluation for the ballistic ...
- Cycldek: Bridging the (air) gap
June 3, 2020
While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far. In this blog post we aim to bridge the knowledge gap on this group and provide a more thorough insight into its latest activities and modus ...