
The CERT Synetis team contextualizes and decodes threats for a better understanding of the malicious actors in our century

September 2024 by CERT Synetis

This month, our experts have focused on RansomHub, a ransomware that has become one of the greatest cyber threats in 2024. Here are some key insights about this group:

• Origins and Expansion: RansomHub first appeared in February 2024 and quickly climbed the ranks to become the fourth most active ransomware between March and May 2024. Its strategy of recruiting affiliates, some of whom come from Noberus (ALPHV/Blackcat), played a crucial role in its growth. RansomHub shares many similarities with the Knight ransomware, particularly the use of the Go programming language and the Gofuscate obfuscation software.
• Victimology: RansomHub targets a wide range of sectors, including IT services, retail, construction, energy, and agriculture. Its victims, 270 to date, are primarily located in Europe and North America, including companies in France, the United Kingdom, and the United States.
• Modus Operandi: This ransomware has stood out multiple times for its use of double extortion. It employs sophisticated techniques, such as the exploitation of the critical vulnerability ZeroLogon (CVE-2020-1472) and custom tools like the EDR Kill Shifter, to infiltrate and control its victims’ systems.
• Outlook: The CERT Synetis team believes that RansomHub could become the major ransomware operator in 2024, given its effectiveness and rapid growth.

