RansomHub: New Ransomware has Origins in Older Knight


RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware.

Analysis of the RansomHub payload by Symantec, revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. Despite shared origins, it is unlikely that Knight’s creators are now operating RansomHub.

Read more…
Source: Symantec


Sign up for our Newsletter


Related:

  • Europol: Law enforcement shuts down 27 DDoS booters ahead of annual Christmas attacks

    December 11, 2024

    Law enforcement agencies worldwide have disrupted a holiday tradition for cybercriminals: launching Distributed Denial-of-Service (DDoS) attacks to take websites offline. As part of an ongoing international crackdown known as PowerOFF, authorities have seized 27 of the most popular platforms used to carry out these attacks. Known as ‘booter’ and ‘stresser’ websites, these platforms enabled cybercriminals and hacktivists ...

  • Russia: Call center scheme that deceived hundreds from over 20 countries exposed in Moscow

    December 11, 2024

    Russia’s Federal Security Service (FSB), in collaboration with the Russian Interior Ministry, has exposed three Moscow-based illegal call centers that affected hundreds of citizens from more than 20 European and Asian countries, the FSB reported. “The unlawful activities of an organized crime syndicate that controlled the operation of three call centers in Moscow have been disrupted,” ...

  • Scammers impersonating TSA pre-check to steal your money and information

    December 10, 2024

    A new warning as we head into the busy holiday travel season. It would be best to be on guard for fake TSA precheck websites. “We are seeing a disturbing trend of mimicking TSA-like sites,” says Karin Zilberstein with Guardio, a browser extension that identifies fake websites and other malware. She says Guardio has discovered ...

  • Fake video conferencing apps are targeting Web3 workers to steal their data

    December 9, 2024

    Researchers are warning of a new “fake job” hacking campaign that targets primarily people working in the Web3 (blockchain) industry. Experts at Cado Security Labs revealed the campaign started in September 2024, aiming to trick people into downloading infostealing malware to their devices, both for Windows and macOS. In some examples observed by the researchers, the ...

  • “Termite” ransomware group claims responsibility for the Blue Yonder attack

    December 9, 2024

    On Friday, the “Termite” ransomware group claimed responsibility for the attack on its dark web leak site. In a post seen by TechCrunch, the gang claims to have stolen 680 gigabytes of data from Blue Yonder, including documents, reports, insurance documents and email lists, which Termite says it intends to use “for future attacks.” In a ...

  • Massive New Jersey cybersecurity breach leads to thousands of stolen SSNs

    December 7, 2024

    The social security numbers, driver’s licenses, payroll, health and other personal details of Hoboken city workers were among the data stolen in a “massive” cybersecurity breach last month. According to a list of thousands of stolen files obtained by The Jersey Journal, every department in City Hall — ranging from payroll to construction, health, and animal ...