US Authorities Issue RansomHub Ransomware Alert

RansomHub used to be nothing more than an affiliate of ALPHV (BlackCat). This group was responsible for the breach of Change Healthcare, when the healthcare firm paid a $22 million ransom demand in exchange for the stolen files. However, that affiliate never received their share of the spoils, since ALPHV’s operators took it all and vanished.

Becoming famous

RansomHub was left holding the stolen data and even tried, unsuccessfully, to extort Change Healthcare again.

Since then, the group worked diligently on creating a name for itself in the underground community, to some success. According to a recent report on Infosecurity Magazine, the group has so far successfully breached at least 210 organizations around the world. In late May, it assumed responsibility for the attack at auction house Christie’s, which took the company’s website offline hours before a major event. A few months later, in mid-July, the American drugstore chain Rite Aid also confirmed falling prey to the same organization.

In the advisory, CISA says that RansomHub is a ransomware-as-a-Service variant previously known as Cyclops and Knight, and that in recent times it started attracting affiliates from LockBit, and ALPHV.

“CISA encourages network defenders to review this advisory and apply the recommended mitigations,” the organization concludes, adding that software manufacturers should “take ownership of improving the security outcomes of their customers by applying secure by design methods”.

Via Infosecurity Magazine

More from TechRadar Pro

• Patelco confirms thousands of customers hit in ransomware attack
• Here's a list of the best firewall software around today
• These are the best endpoint security tools right now