RansomHub Ransomware Profile
Quick Facts
- Type: Ransomware
- First Discovered: 10th February 2024
- Latest Activity: 1st November 2024
- Languages: Russian
Industries Targeted
- Business Services
- Retail
- Manufacturing
- Educational Services
- Government
- Finance
- Construction
Geography of Victims
- United States
- Brazil
- Italy
- UK
- Spain
- Australia
- India
Notable Victims
- Frontier
- Christie's Auction House
- Rite Aid
- California Credit Union
Modus Operandi
- Initial access is gained through unpatched vulnerabilities and phishing attacks, which are used to infiltrate networks and launch ransomware campaigns.
- Double extortion: victims' data is both encrypted and exfiltrated, so they are pressured to pay to recover the data and to avoid its public exposure.
- RansomHub operates as a Ransomware-as-a-Service (RaaS): affiliates use its platform to carry out attacks, which broadens the operation's reach and adaptability.
Notable Features
- RansomHub incorporates EDRKillShifter into its attack chain to disable endpoint detection and response (EDR) and antivirus protections, enhancing its ability to evade security measures.
- The ransomware exploits the Zerologon vulnerability (CVE-2020-1472), allowing attackers to bypass authentication and potentially take control of entire networks if the vulnerability remains unpatched.
- RansomHub has been observed attacking various industries and critical infrastructure sectors, including water and wastewater systems, IT, commercial and government facilities, healthcare, agriculture, financial services, manufacturing, transportation, and communications.
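The Zerologon point above is the one a defender can check for directly. The following is an added example (it is not part of the profile and not RansomHub tooling) that triages a Windows event export for the indicators that matter: the Netlogon events Microsoft added with the CVE-2020-1472 patch (5829 means a domain controller is still allowing vulnerable secure-channel connections, 5827/5828 mean enforcement denied one) and a computer-account change (4742) against a domain controller's own account, which is how a successful exploit manifests. The log format and all sample lines are constructed for this example; the set of DC account names is an assumed input from the reader's own inventory.

```python
import re
from collections import Counter

# Constructed sample export (not from the profile page). Assumed simplified
# "EventID | Source | Message" line format; real exports will differ.
SAMPLE_LOG = """\
5829 | NETLOGON | The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: WS-FIN-07$ Domain: CORP
4742 | Security | A computer account was changed. Target Account Name: DC01$ Password Last Set: 11/1/2024 3:12:09 AM
5827 | NETLOGON | The Netlogon service denied a vulnerable Netlogon secure channel connection from a machine account. Machine SamAccountName: LAB-PC-02$ Domain: CORP
6005 | EventLog | The Event log service was started.
5829 | NETLOGON | The Netlogon service allowed a vulnerable Netlogon secure channel connection. Machine SamAccountName: WS-FIN-07$ Domain: CORP
"""

# Assumed list of domain controller computer accounts (constructed).
KNOWN_DC_ACCOUNTS = {"DC01$", "DC02$"}

EVENT_RE = re.compile(r"^\s*(\d+)\s*\|\s*([^|]+?)\s*\|\s*(.*)$")
MACHINE_RE = re.compile(r"Machine SamAccountName:\s*(\S+)")
TARGET_RE = re.compile(r"Target Account Name:\s*(\S+)")


def parse_events(log_text):
    """Parse the assumed 'id | source | message' export into dicts; skip junk lines."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        events.append({"id": int(m.group(1)), "source": m.group(2), "message": m.group(3)})
    return events


def zerologon_indicators(log_text, dc_accounts):
    """Collect the three indicator classes from the event stream."""
    allowed = Counter()   # 5829: DC not enforcing, vulnerable connection permitted
    denied = Counter()    # 5827/5828: enforcement blocked a vulnerable connection
    dc_changes = []       # 4742 on a DC's own account (password reset = exploit hallmark)
    for ev in parse_events(log_text):
        if ev["id"] == 5829:
            m = MACHINE_RE.search(ev["message"])
            allowed[m.group(1) if m else "<unknown>"] += 1
        elif ev["id"] in (5827, 5828):
            m = MACHINE_RE.search(ev["message"])
            denied[m.group(1) if m else "<unknown>"] += 1
        elif ev["id"] == 4742:
            m = TARGET_RE.search(ev["message"])
            if m and m.group(1) in dc_accounts:
                dc_changes.append(m.group(1))
    return {"allowed_vulnerable": allowed, "denied_vulnerable": denied,
            "dc_account_changed": dc_changes}


def triage(log_text, dc_accounts):
    """Turn indicators into prioritised findings a responder can act on."""
    ind = zerologon_indicators(log_text, dc_accounts)
    findings = []
    if ind["dc_account_changed"]:
        findings.append("CRITICAL: computer-account change on DC account(s) "
                        + ", ".join(ind["dc_account_changed"])
                        + " - treat as possible Zerologon exploitation; reset DC machine passwords and investigate")
    if ind["allowed_vulnerable"]:
        findings.append("HIGH: DC is not enforcing secure RPC; vulnerable Netlogon connections ALLOWED from "
                        + ", ".join(sorted(ind["allowed_vulnerable"]))
                        + " - enable enforcement mode after fixing those clients")
    if ind["denied_vulnerable"]:
        findings.append("INFO: enforcement denied vulnerable Netlogon connections from "
                        + ", ".join(sorted(ind["denied_vulnerable"]))
                        + " - verify these hosts are patched or legitimately legacy")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, KNOWN_DC_ACCOUNTS):
        print(finding)
```

The ordering matters in practice: a 4742 against a DC account outranks everything else because it indicates the attack has already succeeded, whereas 5829 events only show that the door is still open. A DC that has been in enforcement mode since patching should produce no 5829 events at all.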