FBI: RansomHub ransomware has targeted 210 victims since February

30 Aug 2024


The FBI recently reported that the RansomHub ransomware group, active since February 2024, has compromised over 200 victims, targeting critical infrastructure across the United States. This ransomware-as-a-service (RaaS) group, previously known as Cyclops and Knight, has been linked to high-profile breaches involving Patelco Credit Union, Rite Aid, Christie’s auction house, and Frontier Communications. The attack on Frontier Communications led to a data breach affecting more than 750,000 customers, underscoring the severe risks posed by RansomHub.

In response, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS), released a joint Cybersecurity Advisory titled “#StopRansomware: RansomHub Ransomware.” This advisory, updated as of August 2024, details crucial indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with RansomHub.

RansomHub, which has attacked at least 210 victims, has become a significant player in the RaaS market, drawing affiliates from other notable ransomware groups like LockBit and ALPHV. Their targets span sectors such as water and wastewater, government services, food and agriculture, healthcare, emergency services, and financial services.

CISA’s advisory provides essential mitigation strategies for network defenders, including patching known vulnerabilities, implementing strong passwords and multifactor authentication (MFA), keeping software up to date, and performing regular vulnerability assessments. It also recommends that organizations review CISA’s Cross-Sector Cybersecurity Performance Goals for enhanced protection against ransomware. Additionally, CISA urges software developers to prioritize secure-by-design principles.

The advisory strongly advises against paying ransoms, warning that such payments do not ensure file recovery and may encourage further criminal activities.

In a related development, Patelco Credit Union, a California-based financial institution, suffered a data breach affecting around 726,000 individuals due to a RansomHub attack, resulting in the exposure of sensitive customer information.

A report from cybersecurity firm KnowBe4 highlights a significant increase in cyberattacks on critical national infrastructure (CNI). It notes a 30% rise in such attacks this year, with the U.S. power grid particularly vulnerable: the number of weak points in the grid is growing by 60 per day, and the total is estimated at 23,000-24,000, up from 21,000 in 2022. Globally, the average number of weekly cyberattacks on utilities has quadrupled since 2020, with the number of incidents doubling in the past year alone. Between January 2023 and January 2024, there were over 420 million attacks on critical infrastructure worldwide, roughly 13 attacks per second.