RansomHub, a ransomware-as-a-service operation that emerged in early 2024, unexpectedly went offline on April 1, 2025, causing concern among its affiliates. Cybersecurity firm Group-IB has noted a significant migration to rival operation Qilin amidst this downtime. RansomHub quickly gained prominence by drawing affiliates from established groups like LockBit and BlackCat, offering favorable profit-sharing agreements. Its versatile ransomware can target multiple operating systems while avoiding attacks on certain countries. The operation briefly introduced a module to bypass security measures, but the module's high detection led to its withdrawal, indicating challenges in maintaining operational effectiveness.
RansomHub's unexpected disappearance on April 1, 2025, has likely led affiliates to transition to Qilin, drastically increasing activity on Qilin's data leak site.
The rapid rise of RansomHub, which succeeded LockBit and BlackCat, can be attributed to its aggressive strategy and lucrative payouts for affiliates.
RansomHub's advanced ransomware capabilities include compatibility across multiple operating systems and architectures, while strategically avoiding attacks on specified countries.
The affiliate panel's features reflect RansomHub's focus on user-friendliness, allowing affiliates to configure ransomware settings easily and encourage new account creation.