Tag RansomHub

RansomHub Named 2024’s Leading Ransomware Group, Targeting Over 600 Organizations Worldwide

Rise of RansomHub: A Resurgent Threat in Cybercrime

The RansomHub ransomware-as-a-service (RaaS) group has emerged as a significant player in the cybercrime landscape, capitalizing on previously patched vulnerabilities in Microsoft Active Directory and the Netlogon protocol to facilitate unauthorized access to victim networks. Recent analyses highlight the group’s ability to…


⚡ THN Weekly Recap: Stolen Google Secrets, Windows Breach, Latest Crypto Scams, and More!

This week’s cybersecurity update delves into various evolving threats, including a sophisticated phishing technique used by Russian threat actors. Covering issues from device code phishing to cloud-based attacks, this summary transforms complex technicalities into comprehensible insights, tailored for tech-savvy professionals.

⚡ Threat of the Week

The recent disclosure from Microsoft…


Medusa Ransomware Strikes Over 40 Victims in 2025, Demanding Ransoms Ranging from $100K to $15M

Medusa Ransomware Campaign Targets Diverse Sectors, Rising Threats Persist

The Medusa ransomware group has intensified its activities since its emergence in January 2023, reportedly claiming close to 400 victims across various sectors. Recent statistics reveal a significant 42% surge in financially motivated attacks between 2023 and 2024. In the first…


Medusa Ransomware Employs Malicious Driver to Bypass Anti-Malware Using Stolen Certificates

Recent reports indicate that the Medusa ransomware-as-a-service (RaaS) group is employing a malicious driver named ABYSSWORKER in a sophisticated attack utilizing a bring your own vulnerable driver (BYOVD) strategy aimed at sabotaging anti-malware systems. According to Elastic Security Labs, a recent incident involving Medusa ransomware utilized a loader that had…


VanHelsing RaaS Launch: 3 Targets, $5K Entry Fee, Multi-Platform Support, and Double Extortion Strategies

The cybersecurity landscape has recently been shaken by the launch of a ransomware-as-a-service (RaaS) operation named VanHelsing, which has already targeted three victims since its inception on March 7, 2025. The ransoms demanded by VanHelsing have reached staggering amounts, totaling as high as $500,000. This model facilitates participation from a…


🔍 Weekly Overview: Nation-State Cyber Attacks, Spyware Warnings, Deepfake Malware Threats, and Supply Chain Vulnerabilities

This week, cybersecurity experts reported a notable uptick in stealthy tactics employed by malicious actors, indicating that the real challenge may lie in identifying the threats that have already infiltrated systems rather than defending against external breaches. Attack methodologies increasingly leverage AI to manipulate public opinion, while malware masquerades within…


RansomHub Disappears on April 1; Affiliates Shift to Qilin as DragonForce Takes Over

April 30, 2025
Cybercrime / Threat Intelligence

Cybersecurity experts have reported that RansomHub’s online operations unexpectedly went offline on April 1, 2025, raising alarm among its affiliates in the ransomware-as-a-service (RaaS) ecosystem. According to Singaporean cybersecurity firm Group-IB, this disruption has likely led to affiliates migrating to Qilin, with evidence showing that disclosures on its data leak site have surged since February. RansomHub, which debuted in February 2024, has reportedly compromised data from over 200 victims. It quickly eclipsed prominent RaaS groups LockBit and BlackCat, attracting affiliates like Scattered Spider and Evil Corp with enticing profit-sharing models. “After potentially acquiring the web application and source code for Knight (formerly Cyclops), RansomHub swiftly gained traction in the ransomware landscape, leveraging a feature-rich multi-platform encryptor and a robust, affiliate-friendly approach…”

RansomHub Disappears from the Cyber Landscape; Affiliates Shift to Qilin While DragonForce Claims Leadership

April 30, 2025

In a significant turn of events within the cybercriminal ecosystem, the ransomware-as-a-service (RaaS) operation known as RansomHub has unexpectedly gone offline as of April 1, 2025. This abrupt disappearance has raised alarms among…


Manpower Data Breach Affects 144K as Workday Confirms Third-Party CRM Hack

A cyberattack on Manpower’s Michigan office has compromised the data of 144,000 individuals, while Workday faces a data breach linked to a broader social engineering scheme. These incidents underscore the escalating risks posed by cyber threats. Recently, two significant organizations—global staffing agency Manpower and software provider Workday—have reported separate cyberattacks…
