Ransomware Group

RansomHub

Status: active • First seen 2024-02200+ known victims

When BlackCat scammed their own affiliates and shut down, those criminals joined RansomHub. Now RansomHub is one of the biggest ransomware operations.

Overview

RansomHub emerged after ALPHV/BlackCat's exit scam. The group recruited former ALPHV affiliates and quickly became one of the most active ransomware operations.

Target Industries

Healthcare, Technology, Critical Infrastructure, Government

How They Attack

  • Affiliate model
  • Cross-platform
  • Double extortion
  • ALPHV affiliate recruitment

Notable Victims

Change Healthcare (2024), Critical infrastructure

Is your business exposed?

How to Protect Against RansomHub

  1. 1.

    Monitor for BlackCat/ALPHV indicators

  2. 2.

    Implement healthcare payment security

  3. 3.

    Deploy critical infrastructure protection

MITRE ATT&CK Techniques

T1486, T1567, T1078, T1021

Related Groups

Blackcat

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices