Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius.
Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries. The group describes themselves as an “extortioner named BlackSuit” and claims to reverse file encryption for “quite a small compensation essentially.” Although the group states the compensation is small, Unit 42 has observed that, on average, the initial ransom demand is about equal to 1.6% of the victim organization’s annual revenue.
Read more…
Source: Trend Micro
Related:
- Single Malicious GIF Opened Microsoft Teams to Nasty Attack
April 27, 2020
Microsoft has fixed a subdomain takeover vulnerability in its collaboration platform Microsoft Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts. The attack simply involved tricking a victim into viewing a malicious GIF ...
- Israel government tells water treatment companies to change passwords
April 27, 2020
The Israeli government says that hackers have targeted its water supply and treatment facilities last week. In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can’t be changed, the agency recommended taking ...
- Hackers are exploiting a Sophos firewall zero-day
April 26, 2020
Cyber-security firm Sophos has published an emergency security update on Saturday to patch a zero-day vulnerability in its XG enterprise firewall product that was being abused in the wild by hackers. Sophos said it first learned of the zero-day on late Wednesday, April 22, after it received a report from one of its customers. The customer reported seeing ...
- Facebook-NSO lawsuit: Hundreds of WhatsApp attacks linked to one IP address
April 24, 2020
The legal case between Facebook and Israeli spyware vendor NSO Group is starting to yield the details tech and cyber-security experts have been waiting since Facebook filed its lawsuit in October 2019. In court documents filed yesterday, Facebook said it linked 720 instances of attacks against WhatsApp users to one single IP address. The attacks were carried out ...
- A look at the ATM/PoS malware landscape from 2017-2019
April 23, 2020
From remote administration and jackpotting, to malware sold on the Darknet, attacks against ATMs have a long and storied history. And, much like other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year-to-year. So what does the ATM landscape look like as of 2020? Let’s take a look. ATM attacks aren’t ...
- NSA shares list of vulnerabilities commonly exploited to plant web shells
April 23, 2020
The US National Security Agency (NSA) and the Australian Signals Directorate (ASD) have published a security advisory this week warning companies to search web-facing and internal servers for common web shells. Web shells are one of today’s most popular forms of malware. The term “web shell” refers to a malicious program or script that’s installed on ...