• US Authorities Issue RansomHub Ransomware Alert

    From TechnologyDaily@1337:1/100 to All on Tue Sep 3 14:30:05 2024
    US Authorities Issue RansomHub Ransomware Alert

    Date:
    Tue, 03 Sep 2024 14:29:00 +0000

    Description:
    RansomHub spun out of the now-defunct ALPHV.

    FULL STORY ======================================================================

    Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) released a new security advisory detailing a prolific ransomware threat actor. The advisory, called #StopRansomware: RansomHub Ransomware, discusses the RansomHub group, and was written in partnership with the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS).

    In the advisory, the government agencies list indicators of compromise (IoC), tactics, techniques and procedures (TTP), and detection methods, all to help organizations better identify the attack, and stop it in its tracks.

    RansomHub used to be nothing more than an affiliate of ALPHV (BlackCat). This group was responsible for the breach of Change Healthcare, when the healthcare firm paid a $22 million ransom demand in exchange for the stolen files. However, that affiliate never received their share of the spoils, since ALPHV's operators took it all and vanished.

    Becoming famous

    RansomHub was left holding the stolen data and even tried, unsuccessfully, to extort Change Healthcare again.

    Since then, the group has worked diligently on creating a name for itself in the underground community, to some success. According to a recent report on Infosecurity Magazine, the group has so far successfully breached at least 210 organizations around the world. In late May, it assumed responsibility for the attack at auction house Christie's, which took the company's website offline hours before a major event. A few months later, in mid-July, the American drugstore chain Rite Aid also confirmed falling prey to the same organization.

    In the advisory, CISA says that RansomHub is a ransomware-as-a-service variant previously known as Cyclops and Knight, and that in recent times it started attracting affiliates from LockBit and ALPHV.

    "CISA encourages network defenders to review this advisory and apply the recommended mitigations," the organization concludes, adding that software manufacturers should take ownership of improving the security outcomes of their customers by applying secure by design methods.

    Via Infosecurity Magazine



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/us-authorities-issue-ransomhub-ransomware-alert


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)