Subj : US Authorities Issue RansomHub Ransomware Alert
To   : All
From : TechnologyDaily
Date : Tue Sep 03 2024 15:30:05

Date: Tue, 03 Sep 2024 14:29:00 +0000
Description: RansomHub spun out of the now-defunct ALPHV.

FULL STORY
======================================================================

Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) released a new security advisory detailing a prolific ransomware threat actor.

The advisory, called #StopRansomware: RansomHub Ransomware, discusses the RansomHub group, and was written in partnership with the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS).

In the advisory, the government agencies list indicators of compromise (IoC), tactics, techniques and procedures (TTP), and detection methods, all to help organizations better identify the attack and stop it in its tracks.

RansomHub used to be nothing more than an affiliate of ALPHV (BlackCat). This group was responsible for the breach of Change Healthcare, when the healthcare firm paid a $22 million ransom demand in exchange for the stolen files. However, that affiliate never received its share of the spoils, since ALPHV's operators took it all and vanished.

Becoming famous

RansomHub was left holding the stolen data and even tried, unsuccessfully, to extort Change Healthcare again. Since then, the group has worked diligently on creating a name for itself in the underground community, with some success.

According to a recent report in Infosecurity Magazine, the group has so far successfully breached at least 210 organizations around the world. In late May, it assumed responsibility for the attack on auction house Christie's, which took the company's website offline hours before a major event.
A few months later, in mid-July, the American drugstore chain Rite Aid also confirmed falling prey to the same organization.

In the advisory, CISA says that RansomHub is a ransomware-as-a-service variant previously known as Cyclops and Knight, and that in recent times it started attracting affiliates from LockBit and ALPHV.

"CISA encourages network defenders to review this advisory and apply the recommended mitigations," the organization concludes, adding that software manufacturers should take ownership of improving the security outcomes of their customers by applying secure by design methods.

Via Infosecurity Magazine

======================================================================
Link to news story:
https://www.techradar.com/pro/security/us-authorities-issue-ransomhub-ransomware-alert

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)