A ransomware attack by Ignoble Scorpius used compromised VPN credentials to infiltrate a manufacturing company, leading to significant data exfiltration and the deployment of BlackSuit ransomware across its infrastructure. Unit 42 intervened, expanding the client's security measures and successfully negating a $20 million ransom demand while providing strategic recommendations for future protection against similar threats.
Anubis ransomware has introduced a wiper module that destroys files beyond recovery, increasing pressure on victims to pay the ransom. This new feature was discovered in recent samples, marking a significant escalation in the malicious capabilities of this ransomware-as-a-service operation, which began its affiliate program in early 2024. Anubis employs various tactics to avoid detection and enhance its effectiveness, including phishing attacks to initiate infections.