TechRadar
Sead Fadilpašić

US Authorities Issue RansomHub Ransomware Alert

Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) released a new security advisory detailing a prolific ransomware threat actor. The advisory, called “#StopRansomware: RansomHub Ransomware”, discusses the RansomHub group and was written in partnership with the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS).

In the advisory, the government agencies list indicators of compromise (IoC), tactics, techniques and procedures (TTP), and detection methods, all to help organizations better identify the attack, and stop it in its tracks.

RansomHub used to be nothing more than an affiliate of ALPHV (BlackCat). This group was responsible for the breach of Change Healthcare, when the healthcare firm paid a $22 million ransom demand in exchange for the stolen files. However, that affiliate never received their share of the spoils, since ALPHV’s operators took it all and vanished.

Becoming famous

RansomHub was left holding the stolen data and even tried, unsuccessfully, to extort Change Healthcare again.

Since then, the group has worked diligently on making a name for itself in the underground community, with some success. According to a recent report in Infosecurity Magazine, the group has so far successfully breached at least 210 organizations around the world. In late May, it assumed responsibility for the attack at auction house Christie’s, which took the company’s website offline hours before a major event. A few months later, in mid-July, the American drugstore chain Rite Aid also confirmed falling prey to the same organization.

In the advisory, CISA says that RansomHub is a ransomware-as-a-service variant previously known as Cyclops and Knight, and that in recent times it has started attracting affiliates from LockBit and ALPHV.

“CISA encourages network defenders to review this advisory and apply the recommended mitigations,” the organization concludes, adding that software manufacturers should “take ownership of improving the security outcomes of their customers by applying secure by design methods”.

Via Infosecurity Magazine
