The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024.
RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV). Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Trickbot Adds Remote Application Credential-Grabbing Capabilities to Its Repertoire
February 12, 2019
In November 2018, we covered a Trickbot variant that came with a password-grabbing module, which allowed it to steal credentials from numerous applications. In January 2019, we saw Trickbot (detected as TrojanSpy.Win32.TRICKBOT.AZ and Trojan.Win32.MERETAM.AD) with new capabilities added to its already extensive bag of tricks. Its authors clearly aren’t done updating Trickbot — we recently found a ...
- Windows App Runs on Mac, Downloads Info Stealer and Adware
February 11, 2019
EXE is the official executable file format used for Windows to signify that they only run on Windows platforms, and to serve as a security feature. By default, attempting to run an EXE file on a Mac or Linux OS will only show an error notification. However, we found EXE files in the wild delivering a ...
- Banks Under Attack: Tactics and Techniques Used to Target Financial Organizations
February 8, 2019
US$100 – 300 billion: That’s the estimated losses that financial institutions can potentially incur annually from cyberattacks. Despite the staggering amount, it’s unsurprising — over the past three years, several banks suffered $87 million in combined losses from attacks that compromised their SWIFT (Society for Worldwide Interbank Financial Telecommunication)infrastructures. That’s just the tip of the iceberg: A ...
- New macOS zero-day allows theft of user passwords
February 6, 2019
A German security researcher has published a video over the weekend showing a new zero-day affecting Apple’s macOS desktop operating system. In an interview to German tech site Heise, Linus Henze, the security researcher, says the vulnerability allows a malicious app running on a macOS system to get access to passwords stored inside the Keychain –the password management ...
- Android Phones Can Get Hacked Just by Looking at a PNG Image
February 6, 2019
Using an Android device? Beware! You have to remain more caution while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps. Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of Google’s mobile ...
- Pro-Tibet groups targeted with ExileRAT in spy campaign
February 5, 2019
Researchers have uncovered a new cyberespionage campaign which is targeting pro-Tibetan individuals in order to distribute the ExileRAT Trojan. On Monday, researchers from Cisco Talos said that the new campaign delivers a malicious Microsoft PowerPoint document containing the Remote Access Trojan (RAT) which is capable of stealing system and personal information, terminating or launching processes, surveillance and the ...