Security news aggregator

Latest coverage for RansomHub

RansomHub is a ransomware operation covered through reported incidents, technical analysis, disruption efforts, and defensive guidance.

72 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

RansomHub is the name used for a ransomware operation and associated malware in cybersecurity reporting. The tag covers reported intrusions and extortion claims, malware and infrastructure analysis, possible disruption or law-enforcement activity, and defensive guidance. Because ransomware names can be applied inconsistently to related tools or campaigns, readers should verify technical indicators and source reporting before treating an incident as attributable to RansomHub.

For defenders, relevant work includes monitoring threat-intelligence reporting for validated hashes, domains, behaviors, and intrusion evidence; rapidly patching exposed systems where a confirmed vulnerability is involved; and preserving endpoint, identity, network, and cloud logs for investigation. If encryption or unauthorized access is suspected, isolate affected systems without destroying evidence, revoke potentially exposed credentials, assess whether data was accessed rather than relying on an extortion claim, and recover from tested offline or otherwise protected backups. Confirmed data exposure may also require privacy, contractual, or regulatory assessment.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 72

And yes, there’s the usual credit monitoring Global staffing firm Manpower confirmed ransomware criminals broke into its Lansing, Michigan franchise's network and stole personal information belonging to 144,189 people, months after the extortionists claimed that they pilfered "all of [the company's] confidential data." …

Bank Info Security 11 months, 3 weeks ago

Another Medical Practice Closes Its Doors After Cyberattack

Alpha Wellness Says 'Devastating' Incident Forced Closure of Georgia-Based CenterAnother small medical care provider has shut its doors forever as the result of a recent "devastating" cyberattack. Georgia-based Alpha Wellness & Alpha Medical Centre has permanently pulled the plug on its operations following a data theft attack by cybercriminal gang RansomHub.

Bank Info Security 1 year, 3 months ago

Fake Out: Babuk2 Ransomware Group Claims Bogus Victims

What Do You Mean, Hospital-Targeting Sociopath Ransomware Wielders Continue to Lie?A ransomware group reusing the Babuk ransomware brand claims to have stolen data from the likes of Amazon, Delta and US Bank. Just one problem: Security experts found a startling overlap between its claimed victims and previous attacks scored by the likes of Clop, LockBit and RansomHub.

Trend Micro Research, News and Perspectives 1 year, 4 months ago

SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware

Trend Research analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware through compromised websites, using highly obfuscated JavaScript loaders to evade detection and execute various malicious tasks.

Bank Info Security 1 year, 4 months ago

Ransomware Attacks Appear to Keep Surging

RansomHub, Play, Akira and Clop Among the Groups Claiming the Most VictimsRansomware operations have collectively claimed what amounts to a surge in new victims. Researchers trace much of this activity to RansomHub, Play and Akira, as well as Clop, which continues to drip-feed details about its attack on users of Cleo Communications' managed file-transfer software.

The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy

Bank Info Security 1 year, 5 months ago

Nursing Home, Rehab Chain Says Hack Affects Nearly 70,000

RansomHub Theft Hit Patients of 2 Dozen HCF Facilities and Home Healthcare UnitA chain of more than two dozen skilled nursing and rehabilitation facilities is notifying tens of thousands of patients whose information was compromised in a hacking incident last fall. Russian-speaking cybercriminal gang RansomHub claims to have published 250 gbytes of data stolen in the heist.

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network

Bank Info Security 1 year, 6 months ago

Ransomware Leak Sites Suggest Attacks Reached Record High

RansomHub, Play and Akira Appear to Dominate; Numerous Newcomers Join the FrayWhile ransomware groups' data-leak sites regularly lie, if taken at face value, in December 2024 they collectively listed the largest number of victims ever seen in a one-month period, dominated by RansomHub, Play and Akira operations, plus a bevy of newcomers, researchers report.

Loading more headlines...