Cyber-Insiders-v9-spreads - Flipbook - Page 26
The Rise of RansomHub
RansomHub has quickly gained
traction, targeting multiple sectors
with its attacks. Notably, the
group’s activities have intensified
following the law enforcement
crackdowns on other prominent
ransomware groups such as
ALPHV (BlackCat) and LockBit
in late 2023 and early 2024.
In March 2024, RansomHub
initiated a recruitment drive on
underground forums, likely aiming
to absorb affiliates from these
disrupted groups. This recruitment
effort has reportedly attracted
resources and talent from affiliates
previously associated with ALPHV
and LockBit, further solidifying
RansomHub’s position in the
cybercriminal underworld.
Evidence of RansomHub’s growing
influence includes the group’s
association with ALPHV in terms
of shared source code and tactics.
In April 2024, RansomHub briefly
listed Change Healthcare, a
subsidiary of UnitedHealth Group,
on its extortion leak site before
removing the entry, possibly
indicating that a ransom was paid.
This incident followed a February
2024 attack on Change Healthcare,
initially attributed to an ALPHV
affiliate, who later leaked the stolen
data to RansomHub after ALPHV’s
involvement in an exit scam.
The group has also expanded its
operations to critical infrastructure,
targeting industrial control systems
(ICS) in various attacks. For instance,
RansomHub is suspected to have
disabled Supervisory Control and
Data Acquisition (SCADA) systems
during an attack on a Serbian
gas storage provider. The group
also disrupted operations at a
Spanish biogas energy facility
and a Colombian electricity
distribution company. While ICS-targeting
ransomware is not new,
RansomHub’s increasing focus on
such high-impact targets suggests
a potential escalation in the threat
level posed by this group.
Given RansomHub’s rapid growth
and aggressive recruitment
strategies, it is poised to become
one of the most prominent RaaS
platforms of 2024, with a significant
capability to inflict widespread
disruption across various industries.
RANSOMHUB EXEMPLIFIES THE EVOLVING THREAT
LANDSCAPE WHERE CYBERCRIME SERVICES ARE
INCREASINGLY PROFESSIONALISED, MAKING IT
IMPERATIVE FOR ORGANISATIONS TO ADOPT A MULTI-LAYERED
DEFENCE STRATEGY TO MITIGATE THESE RISKS.
ADARMA CYBER INSIDERS