The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV). Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents
August 28, 2025
In June, Terend Micro researchers identified and investigated an unusual security incident involving the installation of two malware families, C6DOOR and GTELAM, on a victim’s host. Trend Micro investigation determined that the malware was delivered through a legitimate input method editor (IME) software, Sogou Zhuyin. As brief explanation, an IME is a tool that interprets sequences ...
- Widespread Data Theft Targets Salesforce Instances via Salesloft Drift
August 28, 2025
Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations. GTIG now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised. On August 28, 2025, GTIG ...
- Manitoba: Community that lost $472,000 to cyber attack failed to investigate
August 28, 2025
Manitoba’s auditor general says a rural municipality failed to properly investigate a cyber attack that resulted in the loss of hundreds of thousands of dollars. Tyson Shtykalo investigated the cybersecurity breach that led to the Municipality of Westlake-Gladstone, west of Winnipeg, losing more than $472,000 over the course of a few weeks in 2019 and 2020. Read ...
- Cyber-attack on UK contractor affects islanders
August 28, 2025
A personal data breach at a Disclosure and Barring Service (DBS) contractor has affected some people in Guernsey, officials have said. The Office of the Data Protection Authority (ODPA) said that UK-based company Access Personal Checking Services Ltd (APCS) had been notified that a third-party contractor had been subject to a cyber incident. APCS said the ...
- TransUnion says hackers stole 4.4 million customers’ personal information
August 28, 2025
Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers’ personal information. In a filing with Maine’s attorney general’s office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers’ personal data for its U.S. consumer support operations. TransUnion claimed “no credit information was ...
- Jamaica: Cyber attack on Office of Registrar General contained, but services impacted
August 27, 2025
The Office of the Registrar-General (ORG), formerly the Registrar General’s Department (RGD), says it was affected by a cyber incident detected on Sunday and is working to determine its full scope. “Our initial assessment indicates that this incident was primarily designed to disrupt the availability of our systems,” the ORG said Wednesday. “As investigations are still ...