RansomHub, a ransomware group that emerged in February 2024, has been involved in significant cyberattacks targeting over 600 organizations across various sectors, including healthcare and finance. Exploiting vulnerabilities in Microsoft Active Directory and the Netlogon protocol, the group escalates privileges to gain access to networks. It has also successfully recruited affiliates from rival RaaS groups and advertised an updated locker capable of remote data encryption. A recent breach involved a brute-force attack against a VPN service using an enriched dictionary of credentials, highlighting the group's evolving tactics for breaching network defenses.
The attacker eventually gained access through a default account frequently used in data backup solutions, at which point the perimeter was breached.
About five months later, an updated version of the locker was advertised on the illicit marketplace with the capability to remotely encrypt data over the SFTP protocol.