The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV). Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Cyberthreats for ICS in Energy in Europe. Q1 2020
September 4, 2020
Computers in European countries which are used to configure, maintain and control equipment in the energy industry on which Kaspersky products are installed. This includes Windows computers on which various software packages for the energy industry are installed, including but not limited to human-machine interface (HMI), OPC gateway, engineering, control and data acquisition software. Overall, in ...
- XCSSET Update: Browser Debug Modes, Inactive Ransomware
September 4, 2020
In our first blog post that covered XCSSET, we discussed its relatively unique danger to Xcode developers and the way it took advantage of two macOS vulnerabilities to maximize what it can take from an infected machine. Our research into this incident is still ongoing, and in this blog post, we cover some other aspects of ...
- Digital Education: The cyberrisks of the online classroom
September 4, 2020
This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries were impacted by school closures. Shortly after schools began to transition to emergency remote learning, it ...
- CISA and FBI say they have not seen cyber-attacks this year on voter registration databases
September 2, 2020
The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation said today that they have not seen any cyber-attacks target US voter registration databases and voting systems this year. The two agencies issued a joint statement today after an article in Russian media had gone viral earlier this morning. The article, published by Russian news ...
- A Blind Spot in ICS Security: The Protocol Gateway [Part 1] – Importance of the Protocol Gateway
September 1, 2020
A protocol gateway is a small network device, also called a “protocol converter” or “IoT gateway.” It is similar to an “interpreter” in the digital word, and acts as a communications intermediary between different protocols. As the integration of networks accelerates with IoT, protocol conversion grows increasingly important. However, the security of protocol gateways has ...
- Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
September 1, 2020
Users on the internet rely on domain names to find brands, services, professionals and personal websites. Cybercriminals take advantage of the essential role that domain names play on the internet by registering names that appear related to existing domains or brands, with the intent of profiting from user mistakes. This is known as cybersquatting. The ...