Skip to content

Incidents attributed to:

RansomHub

RansomHub is a rapidly growing ransomware group believed to be an updated version of the older Knight ransomware.

RansomHub is a rapidly growing ransomware group believed to be an updated version of the older Knight ransomware. They have been linked to attacks exploiting the Zerologon vulnerability to gain initial access. RansomHub has attracted former affiliates of the ALPHV ransomware group and operates as a Ransomware-as-a-Service with a unique affiliate prepayment model. The group has been active in extorting victims and leaking sensitive data to pressure for ransom payments.

References


Actor metadata imported from Malpedia (Fraunhofer FKIE).

Related incidents

RansomwareResolved

RECOPE RansomHub ransomware attack

RansomHub ransomware forced Costa Rica's state oil refiner RECOPE to switch its entire fuel-distribution network to manual operations, triggering the first real-world deployment of the U.S. State Department's FALCON cyber-response program.

Victim
Refinadora Costarricense de Petrรณleo (RECOPE)