DragonForce Ransom Cartel Profits Off Rivals' Demise
The fall of RansomHub led to a major consolidation of the ransomware ecosystem last quarter, which was a boon for the DragonForce and Qilin gangs.
RansomHub is a ransomware operation covered through reported incidents, technical analysis, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
RansomHub is the name used for a ransomware operation and associated malware in cybersecurity reporting. The tag covers reported intrusions and extortion claims, malware and infrastructure analysis, possible disruption or law-enforcement activity, and defensive guidance. Because ransomware names can be applied inconsistently to related tools or campaigns, readers should verify technical indicators and source reporting before treating an incident as attributable to RansomHub.
For defenders, relevant work includes monitoring threat-intelligence reporting for validated hashes, domains, behaviors, and intrusion evidence; rapidly patching exposed systems where a confirmed vulnerability is involved; and preserving endpoint, identity, network, and cloud logs for investigation. If encryption or unauthorized access is suspected, isolate affected systems without destroying evidence, revoke potentially exposed credentials, assess whether data was accessed rather than relying on an extortion claim, and recover from tested offline or otherwise protected backups. Confirmed data exposure may also require privacy, contractual, or regulatory assessment.
Weekly headline count for the current query.
The fall of RansomHub led to a major consolidation of the ransomware ecosystem last quarter, which was a boon for the DragonForce and Qilin gangs.
The chat infrastructure and data-leak site of the notorious ransomware-as-a-service group has been inactive since March 31, according to security vendors.
A ransomware activity wave using the SocGholish MaaS framework for initial access also has affected banking and consulting firms in the US, Taiwan, and Japan since the beginning of the year.
After loading a vulnerable driver, the utility uses a public exploit to gain privilege escalation and the ability to disable endpoint protection software.
The gang already uses varied tools in its attacks, such as phishing, SIM swapping, and MFA fatigue.
The breach affects older customer information involved in purchases made from June 6, 2017, up until July 30, 2018.
The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation.
CVE-2020-1472 is a privilege escalation flaw that allows an attacker to take over an organization's domain controllers.
RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company.