BleepingComputer reports that the Royal ransomware operation has been leveraging the newly emergent BlackSuit ransomware encryptor in limited attacks amid ongoing intrusions against enterprises.
While Royal ransomware, which descended from the Conti ransomware group, was previously thought to be rebranding as BlackSuit, its limited use of the encryptor suggests that Royal is only experimenting with a new encryptor, according to RedSense Partner and Head of R&D Yelisey Bohuslavskiy.
"They keep improving Emotet to try to revitalize it, and are working on IcedID a lot. Their experiments with new lockers are natural in this sense. I believe we may see more things like BlackSuit soon. But so far, it seems that both the new loader and the new BlackSuit locker were a failed experiment," Bohuslavskiy said.
Such statements follow a Trend Micro study revealing significant overlaps between the encryptors of Royal ransomware and BlackSuit, including similarities in code, intermittent encryption techniques, and command line arguments.
SiliconAngle reports that ransomware attacks against the educational sector significantly increased from 2018 to 2022 and are expected to reach a record high this year, with the 85 attacks recorded during the first half of 2023 amounting to almost twice the number seen in the same period of 2022.