Categories: CyberCrimeSecurity

RansomHub Gang Breaches More Than 200 Organisations

Affiliates of the RansomHub ransomware gang have carried out attacks on at least 210 organisations since February, US officials have warned.

They said the group has grown rapidly in part by picking up affiliates from two other ransomware groups that disappeared ealier this year.

RansomHub operates on an infrastructure-as-a-service model, where affiliates use its infrastructure to compromise a target and encrypt its systems, demanding a ransom to provide a decryption key.

As is increasingly common, RansomHub affiliates also exfiltrate data and threaten to release it publicly if the ransom is not paid.

Fast growth

Different affiliates use various methods for exfiltrating data, said the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and two other agencies in a co-authored advisory.

Affiliates have targeted a wide range of sectors, including water, IT, government, healthcare, emergency services, agriculture, financial services, critical manufacturing, transportation and critical communications infrastructure, the advisory said.

Targets have included credit union Patelco, drugstore chain Rite Aid, auction house Christie’s, telecom provider Frontier Communications and oil services giant Halliburton, which disclosed in an SEC filing that it was compromised on 21 August.

The gang, formerly known as Cyclops and Knight, “has established itself as an efficient and successful service model,” the agencies said.

Disruption

RansomHub’s quick growth is in part due to the disappearance of two major groups earlier this year, they said – LockBit, which was disrupted by an international law enforcement action in February, and AlphV, also known as BlackCat, which shut down in March.

Ransomware infrastructure providers normally receive payment before sending the portion due to the affiliate who carried out the attack, but affiliates must trust the provider to send them their cut.

In March this system took a blow with the disappearance of the gang AlphV, also known as BlackCat, which is believed to have received a $22 million (£17m) payment from dominant US healthcare payments provider Change Healthcare before disappearing without paying its affiliate.

‘Exit scam’

A notice was displayed on the AlphV website claiming the gang was taken down by law enforcement groups including the FBI and the UK’s National Crime Agency, but the NCA said it was not involved in any such action, which along with other factors led security researchers to conclude AlphV’s departure was an “exit scam”.

RansomHub allows affiliates to collect payments themselves, making it all the more attractive to former AlphV affiliates, security experts have said.

The US agencies recommended mitigation measures including patching vulnerabilities that have already been exploited in the wild and use of two-factor authentication.

They advised against paying ransoms as it does not guarantee files will be recovered and “payment may also embolden adversaries to target additional organisations”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Mark Zuckerberg Overtakes Bezos To Become Second-Richest Man

Billionaire battle. Meta's boss Mark Zuckerberg overtakes Jeff Bezos to become the world’s second richest…

21 hours ago

US, Microsoft Disrupts Russian FSB Hackers

Internet domains used by “Russian intelligence agents and their proxies” for cyberattacks, seized by the…

23 hours ago

Mike Lynch Died From Drowning, Coroner Inquest Rules

UK's tech billionaire Dr Mike Lynch died from drowning on his superyacht, but his daughter's…

1 day ago

Tesla Recalls 27,000 Cybertrucks Over Rear Camera Issue

Another recall for thousands of Tesla Cybertrucks over delay with rear camera, with could hamper…

2 days ago

Browser Firms Press EU To Reconsider Microsoft Edge As Gatekeeper

Browser firms write to European Commission alleging Microsoft's Edge web browser enjoys an unfair advantage

2 days ago

Microsoft Invests €4.3 Billion In Italy For AI, Cloud

Data centre and AI spending spree continues over at Microsoft, with Italy earmarked for €4.3…

2 days ago