RansomHub Rides High on Knight Ransomware Source Code
June 5, 2024 – Published on Security Boulevard
RansomHub, the ransomware gang that this month claimed responsibility for the attack in April of telecommunications company Frontier, has had a meteoric rise since first appearing on the scene in February.
Along with the Frontier intrusion, RansomHub has also taken credit for additional high-profile ransomware attacks, including putting up information stolen from Change Healthcare onto its leak site.
Earlier this year, U.S. and international law enforcement agencies seized LockBit’s public-facing websites and took control of its servers in a move to disrupt the RaaS group’s operations. That came after a similar operation against BlackCat – also known as ALPHV – late last year. In a report in March, GuidePoint Security reported that in the wake of the law enforcement actions, smaller RaaS groups – including RansomHub – began recruiting disenchanted LockBit and BlackCat affiliates that were looking for new homes.
“One former Noberus affiliate known as Notchy is now reportedly working with RansomHub,” the researchers wrote. “In addition to this, tools previously associated with another Noberus affiliate known as Scattered Spider were used in a recent RansomHub attack.”
Read More HERE.