Unveiling RansomHub: the new mysterious threat in cyberspace

February 8, 2024

Our iZOOlogic research team has identified a new malicious group called RansomHub operating in the cybercriminal landscape.

This ransomware group has recently emerged, and its overall nature remains mysterious. Still, it could be a hostile entity that poses a grave threat to individuals, businesses, and organisations worldwide.

Our researchers noticed various details in the RansomHub group’s surface-level information.

First identified by our iZOOlogic research team on the dark web, RansomHub has quickly established itself as a potentially formidable adversary in cybercrime.

Our researchers stated that the group’s post set out its central identity and primary objective. The post explained that RansomHub is a financially motivated hacking group comprising members from different countries. However, a vital detail of the gang’s operation is its declaration that it will not target Cuba, North Korea, China, Romania, and the CIS, which implies that its members came from these countries.

These hackers confirmed that they would not retarget companies that have already paid the demanded ransom. On the bright side, the group highlighted that it will not allow its members to target non-profit organisations.

RansomHub’s post also explained what the group guarantees in its operations. First, it will ensure that its affiliates comply with the agreements and requirements they establish with victims during negotiations. If an affiliate does not honour those agreements, the ransomware group will ban that affiliate and never work with them again.

Next, the group will instruct its affiliates to send a decryptor immediately after a victim pays the ransom; if an affiliate does not, the leading group will send one for free. In line with its no-retargeting rule, the group will also promptly provide a decryptor if one of its affiliates executes another attack on a victim that has already paid a ransom. RansomHub also guarantees that it will not allow its affiliates to run an attack without its authorisation.

Lastly, this ransomware group will ensure it responds within 48 hours to any victim who paid the ransom if its affiliates fail to follow one of the rules mentioned earlier. This new ransomware group possesses dangerous potential despite rules favouring a few countries and specific organisations. This emerging threat has yet to disclose a significant move that would put it on the map.

Our researchers at iZOOlogic will monitor every move of this group to uncover more of the unknown details that shroud this mysterious threat.
