TLDR:
- RansomHub is a prolific ransomware group responsible for over 210 attacks since February 2024.
- The group is linked to a tool called Poortry that can neutralize EDR and has exploited critical vulnerabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a warning about the growing threat from RansomHub, a ransomware group that has targeted more than 210 organizations since its launch in February 2024. The group, formerly known as Cyclops and Knight, is one of the most active threat groups in the world and has been linked to major attacks, including the Change Healthcare and Frontier Communications breaches. RansomHub operates on a ransomware-as-a-service (RaaS) model, allowing a wide pool of affiliates to conduct attacks using its ransomware strain. The group has also been connected to affiliates previously associated with AlphV and LockBit.

Researchers have identified Poortry as a tool used by RansomHub to neutralize EDR, the endpoint detection and response software that protects endpoints, and the group has exploited critical vulnerabilities such as CVE-2023-3519 and CVE-2023-46747. Many critical services, including water and wastewater, emergency services, and financial services, have been targeted by RansomHub and its affiliates.