DragonForce Engages in "Turf War" for Ransomware Dominance
Sophos has observed DragonForce attacking rival ransomware operators including RansomHub as it seeks to expand its reach in the cybercrime marketplace
RansomHub is a ransomware operation covered through reported incidents, technical analysis, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
RansomHub is the name used for a ransomware operation and associated malware in cybersecurity reporting. The tag covers reported intrusions and extortion claims, malware and infrastructure analysis, possible disruption or law-enforcement activity, and defensive guidance. Because ransomware names can be applied inconsistently to related tools or campaigns, readers should verify technical indicators and source reporting before treating an incident as attributable to RansomHub.
For defenders, relevant work includes monitoring threat-intelligence reporting for validated hashes, domains, behaviors, and intrusion evidence; rapidly patching exposed systems where a confirmed vulnerability is involved; and preserving endpoint, identity, network, and cloud logs for investigation. If encryption or unauthorized access is suspected, isolate affected systems without destroying evidence, revoke potentially exposed credentials, assess whether data was accessed rather than relying on an extortion claim, and recover from tested offline or otherwise protected backups. Confirmed data exposure may also require privacy, contractual, or regulatory assessment.
Weekly headline count for the current query.
Sophos has observed DragonForce attacking rival ransomware operators including RansomHub as it seeks to expand its reach in the cybercrime marketplace
Comparitech observed a significant decline in ransomware attacks in April, partly as a result of the RansomHub gang “going dark”
RansomHub refines extortion strategy amid RaaS market fractures, expanding affiliate recruitment
Claims on ransomware groups’ data leak sites reached an all-time high in November, with 632 reported victims, according to Corvus Insurance
Symantec data reveals RansomHub claimed more attacks than any other group in Q3 2024
Agencies under the #Stopransomware banner publish details of RansomHub group’s tactics, indicators of compromise and essential mitigations
GuidePoint has assessed with high confidence that the notorious Scattered Spider group has become an affiliate of RaaS operator RansomHub
RansomHub has surfaced threatening to expose stolen data unless another ransom is paid