DragonForce Claims to Be Taking Over RansomHub Ransomware Infrastructure https://thecyberexpress.com/dragonforce-claims-to-be-taking-over-ransomhub/ #DragonForceransomware #TheCyberExpressNews #TheCyberExpress #FirewallDaily #Ransomware #CyberNews #RansomHub
#ESETresearch discovered previously unknown links between the #RansomHub, #Medusa, #BianLian, and #Play ransomware gangs, and leveraged #EDRKillShifter to learn more about RansomHub’s affiliates. @SCrow357 https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/
RansomHub emerged in February 2024 and in just three months reached the top of the ransomware ladder, recruiting affiliates from disrupted #LockBit and #BlackCat. Since then, it dominated the ransomware world, showing similar growth as LockBit once did.
Previously linked to North Korea-aligned group #Andariel, Play strictly denies operating as #RaaS. We found its members utilized RansomHub’s EDR killer EDRKillShifter, multiple times during their intrusions, meaning some members likely became RansomHub affiliates.
BianLian focuses on extortion-only attacks and does not publicly recruit new affiliates. Its access to EDRKillShifter suggests a similar approach as Play – having trusted members, who are not limited to working only with them.
Medusa, same as RansomHub, is a typical RaaS gang, actively recruiting new affiliates. Since it is common knowledge that affiliates of such RaaS groups often work for multiple operators, this connection is to be expected.
Our blogpost also emphasizes the growing threat of EDR killers. We observed an increase in the number of such tools, while the set of abused drivers remains quite small. Gangs such as RansomHub and #Embargo offer their killers as part of the affiliate program.
IoCs available on our GitHub: https://github.com/eset/malware-ioc/tree/master/ransomhub
#RansomHub ransomware uses new #Betruger ‘multi-function’ backdoor
RansomHub Ransomware Unleashes Betruger: A Multi-Function Backdoor Threatening Cybersecurity
The emergence of the Betruger backdoor marks a significant evolution in ransomware tactics, allowing attackers to minimize the number of tools used during an attack. This custom malware, linked to the...
Ransomware Attacks Set Records in February: Cyble https://thecyberexpress.com/record-ransomware-attacks/ #TheCyberExpressNews #ransomwareattacks #AkiraRansomware #ContiRansomware #TheCyberExpress #RansomwareNews #cl0pransomware #PlayRansomware #FirewallDaily #Fogransomware #Ransomware #CyberNews #RansomHub #LockBit
New post from #Ransomhub : Snoqualmietribe.Us
More at : https://www.ransomlook.io/group/Ransomhub #Ransomware
#Grohe AG von #Ransomware-Attacke betroffen
"Die Grohe AG zählt zu den bekanntesten deutschen Herstellern von Armaturen und Sanitärprodukten. Die berüchtigte Ransomware-Bande #Ransomhub listet das Unternehmen nun als Opfer auf ihrer Darknet-Seite. Die Hacker behaupten, erfolgreich eingedrungen zu sein und 100 Gigabyte Daten erbeutet zu haben."
https://www.csoonline.com/article/3808703/grohe-ag-mutmaslich-von-ransomware-attacke-betroffen.html
New post from #Ransomhub : Www.Metlife.Com
More at : https://www.ransomlook.io/group/Ransomhub #Ransomware
Interboro School District in PA was added to #RansomHub leak site today with a few screencaps as POC. The screencaps are internal files and what appear to be two employee-related pieces of personal information. There is nothing on Interboro's website about any #databreach at this time.
Change Healthcare Breach Hits 100M Americans - Change Healthcare says it has notified approximately 100 million Americans that th... https://krebsonsecurity.com/2024/10/change-healthcare-breach-hits-100m-americans/ #u.s.departmentofhealthandhumanresources #unitedhealthgroup #latestwarnings #thecomingstorm #sen.markwarner #databreaches #hipaajournal #sen.ronwyden #antheminc. #transunion #ransomhub #blackcat #experian #equifax #alphv #idx
New post from #Ransomhub : Libraries.Delaware.Gov
More at : https://www.ransomlook.io/group/Ransomhub #Ransomware
I can’t stop thinking about the potential privacy and safety implications of any of this data being available. From Planned Parenthood in a red state, no less.
New post from #Ransomhub : Www.Parknfly.Ca
More at : https://www.ransomlook.io/group/Ransomhub #Ransomware
New post from #Ransomhub : Plannedparenthood.Org
More at : https://www.ransomlook.io/group/Ransomhub #Ransomware
@BleepingComputer @cisacyber coincidentally released a #cybersecurity advisory earlier today on RansomHub with TTPs, IOCs, and mitigation steps.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
Last week we have observed 91 events across 26 countries and attributed them to 27 ransomwares.
The top targeted country was #UnitedStates and the most targeted sector was #Construction.
The ransomware #RansomHub has been busy with 13 new events (14%)!
Rite Aid says 2.2 million people affected in data breach https://www.malwarebytes.com/blog/news/2024/07/rite-aid-says-2-2-million-people-affected-in-data-breach #Ransomware #RansomHub #Privacy #riteaid #News
RansomHub ransomware – what you need to know - Despite first appearing earlier this year, RansomHub is already considered one of the mos... https://www.tripwire.com/state-of-security/ransomhub-ransomware-what-you-need-know #ransomware #ransomhub #dataloss #malware
Ransomware Alert
RansomHub #ransomware group has added 4 new victims to their #darkweb portal.
- SF Medical Products 
- Hauptmann GmbH 
- https://t.co/IlCuhuLCBs SRL 
- Daesang America 
#Germany #Austria
#Italy #USA
#RansomHub #CyberAttack #DataBreach #Infosec https://t.co/X4NybR1z4u
https://twitter.com/FalconFeedsio/status/1808348483180487040
#vx-underground #cysec
Clevo gaming laptop-maker claimed by RansomHub ransomware gang
#Clevo #RansomHub #ransomware #cybersecurity #infosec
