RansomHub Archives • Daily CyberSecurity

RansomHub Breach: Six-Day Attack Leveraged RDP, RMM Tools & Mimikatz for Data Exfiltration & Ransomware INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

RansomHub Breach: Six-Day Attack Leveraged RDP, RMM Tools & Mimikatz for Data Exfiltration & Ransomware

Do Son June 30, 2025

The DFIR Report’s latest case study exposes the meticulous six-day operation of a threat actor who leveraged...

Ransomware Gang Qilin Rises Amid Collapse of Major Gangs Like RansomHub and LockBit

Do Son June 19, 2025

The ransomware threat landscape is undergoing dramatic upheaval. As legacy groups like RansomHub, LockBit, Everest, and BlackLock...

Scattered Spider (UNC3944) Resurfaces with Ties to DragonForce and RansomHub in Retail Attacks UNC3944, Scattered Spider

Scattered Spider (UNC3944) Resurfaces with Ties to DragonForce and RansomHub in Retail Attacks

Do Son May 7, 2025

A new report from Mandiant, a Google Cloud company, sheds light on the renewed activity of UNC3944,...

Intrinsec Links Eye Pyramid C2 to Ransomware Networks in New Infrastructure Mapping Report Eye Pyramid, Ransomware Infrastructure

Intrinsec Links Eye Pyramid C2 to Ransomware Networks in New Infrastructure Mapping Report

Do Son May 2, 2025

In a comprehensive new report, cybersecurity firm Intrinsec has detailed how infrastructure used by RansomHub and the...

SocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate Networks SocGholish, RansomHub

SocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate Networks

Do Son April 28, 2025

The eSentire’s Threat Response Unit (TRU) discovered a sophisticated cyberattack campaign linking SocGholish (also known as FakeUpdates)...

Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign UAC-0006 Espionage

Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign

Do Son April 1, 2025

A recent report by Intrinsec has uncovered the activities of Russia-aligned intrusion sets, UAC-0050 and UAC-0006, which...

RansomHub Deploys Custom Backdoor ‘Betruger’ in Targeted Ransomware Attacks RansomHub ransomware gang - Betruger backdoor

RansomHub Deploys Custom Backdoor ‘Betruger’ in Targeted Ransomware Attacks

Do Son March 22, 2025

A new report from Symantec Threat Hunter Team reveals that at least one affiliate of the RansomHub...

Ransomware Threat Escalates as Scattered Spider and RansomHub Combine Forces

Do Son October 24, 2024

ReliaQuest revealed a concerning new collaboration between the Scattered Spider cybercriminal collective and the rising ransomware group...

RansomHub’s EDR-Killer: How Zerologon and EDRKillShifter Exploit Networks Without Detection RansomHub EDRKillShifter

RansomHub’s EDR-Killer: How Zerologon and EDRKillShifter Exploit Networks Without Detection

Do Son September 24, 2024

In a recently uncovered report by Trend Micro, the notorious RansomHub ransomware group has been found to...

CosmicBeetle’s ScRansom Ransomware: A Growing Threat to European and Asian Businesses CosmicBeetle - ScRansom

CosmicBeetle’s ScRansom Ransomware: A Growing Threat to European and Asian Businesses

Do Son September 11, 2024

In a significant development tracked by ESET researchers, the threat actor known as CosmicBeetle has intensified its...

RansomHub Targets Prasarana Malaysia: 316 GB of Stolen Data Threatened with Public Release Prasarana Malaysia Berhad

RansomHub Targets Prasarana Malaysia: 316 GB of Stolen Data Threatened with Public Release

Do Son August 29, 2024

Prasarana Malaysia Berhad, the largest public transportation operator in Malaysia, has confirmed reports of unauthorized access to...

EDRKillShifter: A New EDR-Killing Tool in Ransomware Attack

Do Son August 17, 2024

Sophos researchers have discovered a new threat: EDRKillShifter, a sophisticated tool designed to dismantle endpoint detection and...

RansomHub: A New Ransomware-as-a-Service Threatens Multiple Operating Systems

Do Son June 23, 2024

A new ransomware-as-a-service (RaaS) called RansomHub has emerged, targeting Windows, Linux, and ESXi operating systems. This multi-OS...

Zerologon Vulnerability Strikes Again: RansomHub Exploits Legacy Flaw

Do Son June 6, 2024

A new ransomware threat, dubbed RansomHub, has rapidly ascended to become one of the most prolific ransomware...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

RansomHub

RansomHub Breach: Six-Day Attack Leveraged RDP, RMM Tools & Mimikatz for Data Exfiltration & Ransomware

Ransomware Gang Qilin Rises Amid Collapse of Major Gangs Like RansomHub and LockBit

Intrinsec Links Eye Pyramid C2 to Ransomware Networks in New Infrastructure Mapping Report

SocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate Networks

Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign

RansomHub Deploys Custom Backdoor ‘Betruger’ in Targeted Ransomware Attacks

Ransomware Threat Escalates as Scattered Spider and RansomHub Combine Forces

RansomHub’s EDR-Killer: How Zerologon and EDRKillShifter Exploit Networks Without Detection

CosmicBeetle’s ScRansom Ransomware: A Growing Threat to European and Asian Businesses

RansomHub Targets Prasarana Malaysia: 316 GB of Stolen Data Threatened with Public Release

EDRKillShifter: A New EDR-Killing Tool in Ransomware Attack

RansomHub: A New Ransomware-as-a-Service Threatens Multiple Operating Systems

Zerologon Vulnerability Strikes Again: RansomHub Exploits Legacy Flaw