RansomHub Rises: The Comedic Misadventures of Cybercrime’s Overachieving Ransomware Group
RansomHub ransomware-as-a-service is wreaking havoc, exploiting patched vulnerabilities in Microsoft Active Directory. With over 600 global targets since February 2024, RansomHub’s cybercrime spree is like a never-ending buffet—everyone’s invited, but only RansomHub gets the dessert. They’re the most active ransomware group in 2024, and they’re not taking reservations.

Hot Take:
**_The RansomHub gang is like a soap opera villain who just won’t quit, constantly finding new ways to stir up trouble and recruit a cast of equally nefarious characters. They’re the cybercriminal equivalent of that one annoying mosquito you can’t seem to swat, even after you’ve patched all your screens (and your software)._**

Key Points:
– RansomHub has targeted over 600 organizations globally, making it the most active ransomware group in 2024.
– Leveraged now-patched flaws in Microsoft’s Active Directory and Netlogon protocol to escalate privileges.
– Recruited affiliates from rival gangs LockBit and BlackCat to bolster operations.
– Used a brute-force attack with 5,000 usernames and passwords to gain unauthorized network access.
– Exploited existing vulnerabilities to gain control of domain controllers and conduct lateral movement.