Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA), released a new security advisory detailing a prolific ransomware threat actor. The advisory, called “#StopRansomware: RansomHub Ransomware”, discusses the RansomHub group, and was written in partnership with the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISCA), and the Department of Health and Human Services (HHS).
In the advisory, the government agencies list indicators of compromise (IoC), tactics, techniques and procedures (TTP), and detection methods, all to help organizations better identify the attack, and stop it in its tracks.
RansomHub used to be nothing more than an affiliate of ALPHV (BlackCat). This group was responsible for the breach of Change Healthcare, when the healthcare firm paid a $22 million ransom demand in exchange for the stolen files. However, that affiliate never received their share of the spoils, since ALPHV’s operators took it all and vanished.
Becoming famous
RansomHub was left holding the stolen data and even tried, unsuccessfully, to extort Change Healthcare again.
Since then, the group worked diligently on creating a name for itself in the underground community, to some success. According to a recent report on Infosecurity Magazine, the group has so far successfully breached at least 210 organizations around the world. In late May, it assumed responsibility for the attack at auction house Christie’s, which took the company’s website offline hours before a major event. A few months later, in mid-July, the American drugstore chain Rite Aid also confirmed falling prey to the same organization.
In the advisory, CISA says that RansomHub is a ransomware-as-a-Service variant previously known as Cyclops and Knight, and that in recent times it started attracting affiliates from LockBit, and ALPHV.
“CISA encourages network defenders to review this advisory and apply the recommended mitigations,” the organization concludes, adding that software manufacturers should “take ownership of improving the security outcomes of their customers by applying secure by design methods”.
More from TechRadar Pro
- Patelco confirms thousands of customers hit in ransomware attack
- Here's a list of the best firewall software around today
- These are the best endpoint security tools right now