RansomHub Archives - Security Affairs

Pierluigi Paganini March 21, 2025

RansomHub affiliate uses custom backdoor Betruger

Symantec researchers linked a custom backdoor, called Betruger, found in recent ransomware attacks to an affiliate of the RansomHub operation. Symantec’s Threat Hunter team has identified a custom backdoor, named Betruger, linked to a RansomHub affiliate. Designed for ransomware attacks, Betruger combines multiple functions into a single tool to minimize detection. It enables screenshot capture, […]

Pierluigi Paganini September 30, 2024

Patelco Credit Union data breach impacted over 1 million people

The ransomware attack on Patelco Credit Union this summer led to a data breach affecting over 1 million individuals, revealed the company. Patelco Credit Union is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. Founded in 1936, it is one of the oldest and largest credit unions in the […]

Pierluigi Paganini August 15, 2024

A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

A cybercrime group linked to the RansomHub ransomware was spotted using a new tool designed to kill EDR software. Sophos reports that a cybercrime group, likely linked to the RansomHub ransomware operation, has been observed using a new EDR-killing utility that can terminate endpoint detection and response software on compromised systems. The researchers called the […]

Pierluigi Paganini July 17, 2024

The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal

Microsoft said that in Q2 2024, the Octo Tempest cybercrime gang added RansomHub and Qilin ransomware to its arsenal. In the second quarter of 2024, financially motivated threat actor Octo Tempest (aka Scattered Spider, UNC3944, and 0ktapus), added RansomHub and Qilin ransomware to its arsenal and used them in its campaigns. Octo Tempest has been active […]

Pierluigi Paganini June 22, 2024

Experts found a bug in the Linux version of RansomHub ransomware

The RansomHub ransomware operators added a Linux encryptor to their arsenal, the version targets VMware ESXi environments. RansomHub ransomware operation relies on a new Linux version of the encrypted to target VMware ESXi environments. Although RansomHub only emerged in February 2024, it has rapidly grown and has become the fourth most prolific ransomware operator over […]

Pierluigi Paganini June 06, 2024

RansomHub operation is a rebranded version of the Knight RaaS

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version of the Knight ransomware operation. Cybersecurity experts who analyzed the recently emerged ransomware operation RansomHub speculate that is is a rebranded version of Knight ransomware. Knight, also known as Cyclops 2.0, appeared in the threat landscape in May 2023. The malware targets multiple platforms, including Windows, […]

Pierluigi Paganini June 04, 2024

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claims to have stolen 5GB of data from the […]

Pierluigi Paganini May 28, 2024

Christie disclosed a data breach after a RansomHub attack

Auction house Christie disclosed a data breach following a RansomHub cyber attack that occurred this month. Auction house Christie’s disclosed a data breach after the ransomware group RansomHub threatened to leak stolen data. The security breach occurred earlier this month. The website of the auction house was unreachable after the attack. According to BBC, Christie had problems […]

RansomHub

RansomHub affiliate uses custom backdoor Betruger

Patelco Credit Union data breach impacted over 1 million people

A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

The Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal

Experts found a bug in the Linux version of RansomHub ransomware

RansomHub operation is a rebranded version of the Knight RaaS

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Christie disclosed a data breach after a RansomHub attack

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

Hackers deploy fake SonicWall VPN App to steal corporate credentials

QUICK LINKS

RansomHub

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!