Linux version of RansomHub ransomware targets VMware ESXi VMs

June 20, 2024 at 05:32PM RansomHub ransomware has a Linux encryptor tailored for VMware ESXi environments. Launched in February 2024, RansomHub has affected over 45 victims across 18 countries. An ESXi variant was detected in April 2024, presenting a bug that defenders can exploit. Additionally, the encryptor has specific commands and a unique encryption scheme. …

RansomHub Brings Scattered Spider Into Its RaaS Fold

June 12, 2024 at 06:04AM Last spring, BlackCat/AlphV’s ransomware implosion left affiliates without money and infrastructure. RansomHub recruited the Scattered Spider threat group with promising ads on the Dark Web, offering attractive ransom splits and payment terms to avoid exit scams. This has resulted in rapid growth for RansomHub, with a prediction for continued expansion. …

Christie’s starts notifying clients of RansomHub data breach

June 7, 2024 at 03:08PM Christie’s auction house faced a security breach by the RansomHub gang, compromising customer data between May 8 and 9. Christie’s responded by securing its network, engaging cybersecurity experts, and cooperating with law enforcement. The breach notification assured affected individuals that no misuse of their data had been detected. Christie’s also …

Frontier warns 750,000 of a data breach after extortion threats

June 7, 2024 at 02:46PM Frontier Communications suffered a data breach affecting 750,000 customers due to a cyberattack by the RansomHub ransomware operation. Customers’ personal information, including names and Social Security Numbers, was exposed. Although no financial data was compromised, customers are advised to enroll in free credit monitoring and identity theft services. RansomHub threatened to …

Frontier Communications: 750k people’s data stolen in April attack on systems

June 7, 2024 at 02:14PM Frontier Communications confirmed a cyberattack impacting 751,895 individuals, with stolen data limited to names and social security numbers. The company engaged cybersecurity experts, strengthened network security, and notified relevant authorities. Although claims of data theft affecting over 2 million people were made, the involvement of ransomware was not acknowledged by …

RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks

June 5, 2024 at 05:35PM RansomHub ransomware recently exploited the ZeroLogon flaw in Windows Netlogon Remote Protocol (CVE-2020-1472) for initial access. Symantec identified the use of Atera, Splashtop, and NetScan tools. Organizations are advised to patch the vulnerability. RansomHub, a ransomware-as-a-service, has impacted numerous organizations. It shares extensive code overlaps with the Knight ransomware, likely …

Who are these RansomHub cyber-thieves? Looks like a Knight ransomware reboot

June 5, 2024 at 04:22PM RansomHub, a new cyber-crime group, has been identified as a possible rebrand of the Knight ransomware gang. It has been active in stealing and auctioning off data from various organizations using sophisticated techniques. There is evidence of overlap between RansomHub and Knight’s code, suggesting a connection between the two groups. …

RansomHub extortion gang linked to now-defunct Knight ransomware

June 5, 2024 at 08:43AM RansomHub is a new Ransomware-as-a-Service believed to have evolved from the defunct Knight ransomware project. It operates as a data theft and extortion group, recently targeting United Health subsidiary Change Healthcare and international auction house Christie’s. Symantec analysts found commonalities with Knight, indicating a likely derived lineage, though operated by …

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

June 5, 2024 at 07:01AM RansomHub, a new ransomware strain, has been identified as a rebranded version of Knight ransomware. It employs double extortion tactics and targets various platforms, using phishing campaigns for distribution. The group behind it has been linked to recent attacks and is recruiting affiliates. Ransomware activity has been on the rise, …

Christie’s stolen data sold to highest bidder rather than leaked, RansomHub claims

June 4, 2024 at 10:37AM Cybercriminals behind the attack on Christie’s claimed to have auctioned off the stolen data after the company failed to meet a ransom demand. Christie’s spokesperson confirmed unauthorized access to client data, including personal identity information, leading to a cybersecurity incident. RansomHub sought a ransom payment and later allegedly sold the …