RansomHub, the ransomware collective that emerged earlier this year, quickly gained momentum, outpacing its criminal colleagues and hitting its victims especially hard. The group named and shamed hundreds of organizations on its leak site, while demanding exorbitant payments across various industries.
The group, a suspected Knight rebrand, first appeared in February and quickly picked up out-of-work affiliates from LockBit following that crew's law enforcement takedown around the same time. RansomHub also eagerly filled the void left by ALPHV/BlackCat after that group's widely reported exit scam in March – bragging about recruiting affiliates from both defunct groups via TOX and cyber crime forums.
By August, just six months after setting up shop, RansomHub had claimed 210 victims and drawn the attention of the FBI, CISA, and other government agencies gunning for cyber criminals. Its victims allegedly include auction house Christie's, Frontier Communications, US pharmacy chain Rite Aid, Planned Parenthood, and Delaware public libraries, among many others.
Its brand of malware has since become the encryptor of choice for Scattered Spider and other sophisticated criminals, and the gang posted a record-high 98 victims on its leak site in November.