RansomHub Never Sleeps Episode 1: The evolution of modern ransomware

Gandalf_The_Grey

Discover how ransomware has evolved into a sophisticated cyber threat, with groups like RansomHub leading the charge. Learn more about their adaptability, TTPs, and the rise of Ransomware-as-a-Service in this first part of a three-part series.
Key discoveries in the blog
  • RansomHub’s operators strategically advertised the group’s partnership program on the RAMP forum on February 2, 2024.
  • RansomHub’s operators took advantage of the impact of law enforcement operations on LockBit and ALPHV to release a partnership program and recruit affiliates of these groups.
  • The threat actors likely acquired the ransomware and web application source code from the Knight (aka Cyclops) group.
  • The ransomware works on different operating systems and architectures including x86, x64 and ARM as well as Windows, ESXi, Linux and FreeBSD.
  • The group started to use PCHunter to stop and bypass endpoint security solutions.
  • RansomHub used FileZilla as an exfiltration tool.
  • RansomHub’s affiliates have disclosed around 44 healthcare companies including hospitals and clinics.
  • Affiliates may eventually threaten to report, and actually report, cyber incidents to regulators, for example under the PDPL (Personal Data Protection Law).