Security Stop Press : Warning About RansomHub

Written by Pronetic

Pronetic is a leading provider of core IT support for ISO 27001, Cyber Essentials and Cyber Essentials Plus compliance.

September 10, 2024

The FBI, MS-ISAC, and the Department of Health and Human Services (HHS) in the US have issued a released a joint advisory to businesses about the ransomware-as-a-service collective ‘RansomHub’.

The joint advisory highlights how RansomHub (formerly known as Cyclops and Knight) has as established itself as an efficient and successful service model. The advisory highlights how, since its inception in February 2024, RansomHub has encrypted and stolen data from at least 210 victims across various critical infrastructure sectors, including water and wastewater systems.

RansomHub affiliates have been stealing data using a double-extortion strategy, encrypting systems, and stealing data to coerce victims into compliance. The data exfiltration methods vary by affiliate, and the ransom note usually omits initial payment demands or instructions although it typically gives victims between three and 90 days to pay. Instead, it provides a client ID and directs victims to contact the ransomware group via a specific .onion URL, accessible through the Tor browser.

The advice to defenders is to implement the recommendations in the Mitigations section of the advisory, which include installing updates for operating systems, software, and firmware as soon as they are released, using phishing-resistant multi-factor authentication (MFA), such as non-SMS text-based methods, for as many services as possible, and training users to recognise and report phishing attempts.

You May Also Like…

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Why Choose Pronetic

We Are ISO 27001 & Cyber Essentials Plus Certified

Be reassured that we have been externally audited. You can have complete peace of mind that the team managing your IT systems and safeguarding your data are independently vetted annually.

Seamless & Comprehensive IT Support

Our investment in people, tools and processes, continuously improved, ensures that we don’t just deliver exceptional I.T. support but include your compliance to Cyber Essentials or ISO 27001 “baked-in”. Yes, that means no more annual headaches and stress when your certification comes round.

Expert Support Money Back Guarantee

We're confident in the value we deliver. That's why we offer a 90-day, no-quibble money-back guarantee. If, for any reason, you're not completely satisfied with our IT support services, we'll provide a full refund and cancel your contract without any hassle.

Book Your Free IT Strategy Call Now!

Simply Fill In The Form Below To Receive Your Free IT Strategy Call:

By submitting this form, you consent to us using your personal information to contact you. For more information please see our privacy policy.