Rise of RansomHub: A Resurgent Threat in Cybercrime The RansomHub ransomware-as-a-service (RaaS) group has emerged as a significant player in the cybercrime landscape, capitalizing on previously patched vulnerabilities in Microsoft Active Directory and the Netlogon protocol to facilitate unauthorized access to victim networks. Recent analyses highlight the group’s ability to…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting ongoing exploitation in real-world scenarios. Among these, three high-severity flaws in Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) may allow attackers to execute privileged commands on the system. These vulnerabilities were addressed in a patch released by Veritas in March 2021.
A recent report from Google-owned Mandiant highlighted that an affiliate tied to the BlackCat (also known as ALPHV and Noberus) ransomware operation is utilizing these vulnerabilities for attacks.
CISA Alerts Businesses to Five Critical Security Vulnerabilities: Immediate Response Needed On April 10, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory concerning five newly identified security vulnerabilities now included in its Known Exploited Vulnerabilities (KEV) catalog. This addition is backed by evidence indicating active…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting ongoing exploitation in real-world scenarios. Among these, three high-severity flaws in Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) may allow attackers to execute privileged commands on the system. These vulnerabilities were addressed in a patch released by Veritas in March 2021.
A recent report from Google-owned Mandiant highlighted that an affiliate tied to the BlackCat (also known as ALPHV and Noberus) ransomware operation is utilizing these vulnerabilities for attacks.
RansomHub Disappears on April 1; Affiliates Shift to Qilin as DragonForce Takes Over
April 30, 2025
Cybercrime / Threat Intelligence
Cybersecurity experts have reported that RansomHub’s online operations unexpectedly went offline on April 1, 2025, raising alarm among its affiliates in the ransomware-as-a-service (RaaS) ecosystem. According to Singaporean cybersecurity firm Group-IB, this disruption has likely led to affiliates migrating to Qilin, with evidence showing that disclosures on its data leak site have surged since February. RansomHub, which debuted in February 2024, has reportedly compromised data from over 200 victims. It quickly eclipsed prominent RaaS groups LockBit and BlackCat, attracting affiliates like Scattered Spider and Evil Corp with enticing profit-sharing models. “After potentially acquiring the web application and source code for Knight (formerly Cyclops), RansomHub swiftly gained traction in the ransomware landscape, leveraging a feature-rich multi-platform encryptor and a robust, affiliate-friendly approach…”
RansomHub Disappears from the Cyber Landscape; Affiliates Shift to Qilin While DragonForce Claims Leadership April 30, 2025 In a significant turn of events within the cybercriminal ecosystem, the ransomware-as-a-service (RaaS) operation known as RansomHub has unexpectedly gone offline as of April 1, 2025. This abrupt disappearance has raised alarms among…
RansomHub Disappears on April 1; Affiliates Shift to Qilin as DragonForce Takes Over
April 30, 2025
Cybercrime / Threat Intelligence
Cybersecurity experts have reported that RansomHub’s online operations unexpectedly went offline on April 1, 2025, raising alarm among its affiliates in the ransomware-as-a-service (RaaS) ecosystem. According to Singaporean cybersecurity firm Group-IB, this disruption has likely led to affiliates migrating to Qilin, with evidence showing that disclosures on its data leak site have surged since February. RansomHub, which debuted in February 2024, has reportedly compromised data from over 200 victims. It quickly eclipsed prominent RaaS groups LockBit and BlackCat, attracting affiliates like Scattered Spider and Evil Corp with enticing profit-sharing models. “After potentially acquiring the web application and source code for Knight (formerly Cyclops), RansomHub swiftly gained traction in the ransomware landscape, leveraging a feature-rich multi-platform encryptor and a robust, affiliate-friendly approach…”
Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations
September 27, 2024
Ransomware / Cloud Security
Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.
Microsoft Flags Storm-0501 as Significant Threat in Hybrid Cloud Ransomware Incidents On September 27, 2024, Microsoft announced a notable increase in ransomware attacks orchestrated by the threat actor known as Storm-0501, which has predominantly targeted integral sectors such as government, manufacturing, transportation, and law enforcement across the United States. This…
Microsoft Flags Storm-0501 as a Significant Threat in Hybrid Cloud Ransomware Operations
September 27, 2024
Ransomware / Cloud Security
Microsoft has identified the cyber group Storm-0501 as a noteworthy threat, targeting key sectors such as government, manufacturing, transportation, and law enforcement in the United States. Their sophisticated, multi-stage attack strategy is designed to infiltrate hybrid cloud environments, allowing attackers to move laterally from on-premises systems to the cloud. This approach leads to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. According to Microsoft’s threat intelligence team, Storm-0501 operates as a financially driven cybercriminal organization, utilizing both commodity and open-source tools for their ransomware activities. Active since 2021, they initially focused on educational institutions with the Sabbath ransomware before transitioning to a ransomware-as-a-service (RaaS) model, distributing various ransomware variants including Hive, BlackCat (ALPHV), Hunters International, LockBit, and Embargo ransomware.
Data Breach at UnitedHealth Group Affects 192.7 Million Individuals Recent reports from the U.S. Department of Health and Human Services reveal that the data breach involving UnitedHealth Group last year impacted the personal information of approximately 192.7 million individuals. This figure surpasses the initial estimate of 190 million disclosed by…
Cybercrime, Fraud Management & Cybercrime, Geo Focus: The United Kingdom Arrests Made in Connection with April Ransomware Strikes Against M&S, Co-Op, and Harrods Mathew J. Schwartz (euroinfosec) • July 10, 2025 Image: Andy Sutherland/Shutterstock British authorities have apprehended four individuals linked to a series of high-profile cybersecurity incidents affecting top-tier…
The rise of ransomware attacks has emerged as a formidable challenge for businesses, frequently inflicting severe financial damage and threatening their very existence. As firms grapple with the aftermath of such breaches, many find the path to recovery almost insurmountable, often facing mounting downtime costs, expenses related to data recovery,…
Data Breach Notification, Data Privacy, Data Security Ransomware Attack Reveals Critical Vulnerabilities in Healthcare Resilience and Vendor Dependency Marianne Kolbasuk McGee (HealthInfoSec) • February 21, 2025 The February 2024 ransomware attack on Change Healthcare disrupted operations for numerous healthcare providers and affected sensitive health data of 190 million individuals. (Image:…
Data Breach Notification, Data Security, Fraud Management & Cybercrime Experts Discuss the Complexity of UnitedHealth Group’s Recent Data Breach Assessment Marianne Kolbasuk McGee (HealthInfoSec) • January 28, 2025 UnitedHealth Group has announced the data breach has affected approximately 190 million individuals due to the ransomware attack on Change Healthcare in…
