RansomHub exploits RDP for massive data exfiltration

August 30, 2024
1 min read

TLDR:

Key Points:

  • RansomHub exploiting RDP services to exfiltrate large volumes of data
  • Operates as a Ransomware-as-a-Service (RaaS) group targeting organizations in healthcare, finance, and government sectors

RansomHub Exploiting RDP Services To Exfiltrate Large Volumes Of Data

RansomHub, a Ransomware-as-a-Service (RaaS) group, has been using RDP services to steal data from victims. Operating in a double-extortion manner, the group both encrypts files and steals data, primarily from organizations in the US, UK, Spain, France, and Italy, with a focus on the healthcare, finance, and government sectors. It demands high ransom payments, with one estimate of $50 million for attacks in northern Africa.

The ransomware used by RansomHub is written in Golang and can run on Windows, Linux, and ESXi IDE, with features such as network propagation, a Safe Mode option, and hardware-accelerated encryption. The attack chain involves compromised admin accounts, the LummaC2 stealer, and tools such as Netscan, smbexec, and PsExec for lateral movement, with data exfiltrated via rclone to Mega.

To prevent such threats, organizations are advised to enhance access controls, improve monitoring, respond efficiently to security incidents, enforce OTP-based MFA for remote access, maintain strong backup policies, and conduct regular ransomware readiness assessments.
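The attack chain above (RDP access by a compromised admin account followed by PsExec/smbexec for lateral movement and rclone for exfiltration) and the "improve monitoring" advice both point at the same detection: correlate RDP logons with the tooling that follows them. The script below is an added example, not code from the original article or from any vendor; the event records are constructed samples shaped like Windows Security events (4624 logon, 4688 process creation), and the two-hour window, the tool list, and the host and account names are assumptions chosen for illustration.

```python
"""Correlate RDP logons with follow-on lateral-movement / exfiltration tooling.

Added example for the article's attack chain; not the article's or any
vendor's code. Event lines, hosts, accounts and IPs are constructed samples.
"""
from datetime import datetime, timedelta

# Tools named in the article's RansomHub chain (lowercased image names).
SUSPECT_TOOLS = {"rclone.exe", "psexec.exe", "smbexec.py", "netscan.exe"}
WINDOW = timedelta(hours=2)  # assumed correlation window after the RDP logon
RDP_LOGON_TYPE = "10"        # Windows LogonType 10 = RemoteInteractive (RDP)

# Constructed sample events: "timestamp|event_id|host|user|Key=Value;Key=Value"
SAMPLE_LOG = r"""
2024-08-29T01:02:10|4624|FS01|CORP\admin.jsmith|LogonType=10;IpAddress=203.0.113.7
2024-08-29T01:15:44|4688|FS01|CORP\admin.jsmith|NewProcessName=C:\Windows\Temp\rclone.exe;CommandLine=rclone copy D:\Shares mega:dump
2024-08-29T02:30:00|4688|FS01|CORP\admin.jsmith|NewProcessName=C:\Tools\PsExec.exe;CommandLine=PsExec.exe \\WS12 cmd
2024-08-29T09:00:00|4624|WS12|CORP\bwilson|LogonType=2;IpAddress=-
2024-08-29T09:05:00|4688|WS12|CORP\bwilson|NewProcessName=C:\Program Files\rclone\rclone.exe;CommandLine=rclone sync backup:
2024-08-30T11:00:00|4624|DB02|CORP\admin.jsmith|LogonType=10;IpAddress=198.51.100.9
2024-08-30T16:00:00|4688|DB02|CORP\admin.jsmith|NewProcessName=C:\Windows\System32\notepad.exe;CommandLine=notepad
"""


def parse_line(line):
    """Parse one pipe-delimited event line into a flat dict."""
    ts, event_id, host, user, fields = line.split("|", 4)
    kv = dict(f.split("=", 1) for f in fields.split(";") if "=" in f)
    return {"ts": datetime.fromisoformat(ts), "event_id": event_id,
            "host": host, "user": user, **kv}


def parse_log(text):
    """Parse all non-empty lines of a log blob."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def find_rdp_tool_sequences(events, window=WINDOW):
    """Alert when a suspect tool starts on a host within `window` after an
    RDP logon by the same account on that host. Local (non-RDP) logons and
    RDP sessions that run only ordinary binaries produce no alert."""
    alerts = []
    rdp_logons = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] == "4624" and ev.get("LogonType") == RDP_LOGON_TYPE:
            rdp_logons.append(ev)
        elif ev["event_id"] == "4688":
            image = ev.get("NewProcessName", "").rsplit("\\", 1)[-1].lower()
            if image not in SUSPECT_TOOLS:
                continue
            for logon in rdp_logons:
                delta = ev["ts"] - logon["ts"]
                if (logon["host"] == ev["host"] and logon["user"] == ev["user"]
                        and timedelta(0) <= delta <= window):
                    alerts.append({
                        "host": ev["host"],
                        "user": ev["user"],
                        "tool": image,
                        "source_ip": logon.get("IpAddress"),
                        "minutes_after_logon": int(delta.total_seconds() // 60),
                        "command": ev.get("CommandLine", ""),
                    })
                    break  # one alert per tool launch is enough
    return alerts


if __name__ == "__main__":
    for a in find_rdp_tool_sequences(parse_log(SAMPLE_LOG)):
        print(f"{a['host']} {a['user']} ran {a['tool']} "
              f"{a['minutes_after_logon']} min after RDP logon from {a['source_ip']}: {a['command']}")
```

On the sample data this flags only the FS01 session: rclone 13 minutes and PsExec 87 minutes after the admin's RDP logon. The local rclone run on WS12 and the RDP session on DB02 that only launched notepad are left alone, which is the point of keying on the logon type and the process image rather than on either signal by itself. In a real deployment the same logic would read from a SIEM query instead of an inline string, and the window and tool list would be tuned to the environment.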
