DragonForce Claims to Be Taking Over RansomHub Ransomware Infrastructure https://thecyberexpress.com/dragonforce-claims-to-be-taking-over-ransomhub/ #DragonForceransomware #TheCyberExpressNews #TheCyberExpress #FirewallDaily #Ransomware #CyberNews #RansomHub
#ESETresearch discovered previously unknown links between the #RansomHub, #Medusa, #BianLian, and #Play ransomware gangs, and leveraged #EDRKillShifter to learn more about RansomHub’s affiliates. @SCrow357 https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/
RansomHub emerged in February 2024 and in just three months reached the top of the ransomware ladder, recruiting affiliates from disrupted #LockBit and #BlackCat. Since then, it dominated the ransomware world, showing similar growth as LockBit once did.
Previously linked to North Korea-aligned group #Andariel, Play strictly denies operating as #RaaS. We found its members utilized RansomHub’s EDR killer EDRKillShifter, multiple times during their intrusions, meaning some members likely became RansomHub affiliates.
BianLian focuses on extortion-only attacks and does not publicly recruit new affiliates. Its access to EDRKillShifter suggests a similar approach as Play – having trusted members, who are not limited to working only with them.
Medusa, same as RansomHub, is a typical RaaS gang, actively recruiting new affiliates. Since it is common knowledge that affiliates of such RaaS groups often work for multiple operators, this connection is to be expected.
Our blogpost also emphasizes the growing threat of EDR killers. We observed an increase in the number of such tools, while the set of abused drivers remains quite small. Gangs such as RansomHub and #Embargo offer their killers as part of the affiliate program.
IoCs available on our GitHub: https://github.com/eset/malware-ioc/tree/master/ransomhub
#RansomHub ransomware uses new #Betruger ‘multi-function’ backdoor
Ransomware Attacks Set Records in February: Cyble https://thecyberexpress.com/record-ransomware-attacks/ #TheCyberExpressNews #ransomwareattacks #AkiraRansomware #ContiRansomware #TheCyberExpress #RansomwareNews #cl0pransomware #PlayRansomware #FirewallDaily #Fogransomware #Ransomware #CyberNews #RansomHub #LockBit
RansomHub: The New King of Ransomware? In 2024, this rising cyber threat targeted 600 organizations after ALPHV & LockBit disruptions. Researchers reveal its rapid growth. 
Read: https://hackread.com/ransomhub-king-of-ransomware-600-firms-2024/
#Grohe AG von #Ransomware-Attacke betroffen
"Die Grohe AG zählt zu den bekanntesten deutschen Herstellern von Armaturen und Sanitärprodukten. Die berüchtigte Ransomware-Bande #Ransomhub listet das Unternehmen nun als Opfer auf ihrer Darknet-Seite. Die Hacker behaupten, erfolgreich eingedrungen zu sein und 100 Gigabyte Daten erbeutet zu haben."
https://www.csoonline.com/article/3808703/grohe-ag-mutmaslich-von-ransomware-attacke-betroffen.html
HCF Management healthcare facilities hit by ransomware attack; more than 70,000 patients affected:
