What is RansomHub, the ransomware gang behind some of today’s biggest cyberattacks?

Energy company Halliburton filed a notice with the Securities and Exchange Commission on Tuesday to inform the regulator that it had fallen victim to a “material cybersecurity incident.”

While details remain hazy, the company said in its filing that “the unauthorized third party accessed and exfiltrated information from the Company’s systems.” Halliburton is now reportedly evaluating what information was stolen, and what public notifications are required. (The company’s stock price took a 3.5% hit in the first four hours of trading on Tuesday.)

Halliburton has declined to comment further about the attack, and didn’t name the gang believed to be responsible for the breach. But TechCrunch reported on Tuesday the existence of a ransom note sent to the energy giant that suggests a ransomware gang called RansomHub is taking credit for the incident.

RansomHub has been in the news quite a bit lately, following a warning in August by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that criminals affiliated with the gang have been responsible for at least 210 known attacks in the last six months.

It’s believed that the RansomHub malware is an updated version of the Knight ransomware, which was itself originally known as Cyclops, according to anti-virus company Symantec. Knight was offered for sale by its developers in February 2024—around the time that RansomHub came on the scene—as they sought to shut down their cybercrime operation. Symantec says it is “very difficult to differentiate between” RansomHub and Knight.

RansomHub victims include Change Healthcare, one of the world’s biggest health payment processing companies, according to the CISA. About 40% of the victims are North America-based organizations, according to one count; one-third are based in Europe.

It’s not totally clear who exactly is behind RansomHub—or who belongs to the gang. “It’s always difficult to tell,” says Alan Woodward, professor of cybersecurity at the University of Surrey. “Even if they are a gang, they are often geographically spread and act as a virtual gang.”

Group-IB, a cyberdefense firm, believes many of the key actors in the RansomHub gang used to belong to Scattered Spider, a group of hackers in their late teens and early 20s who are believed to be responsible for launching a massive cyberattack against Las Vegas casinos in 2023. “RansomHub’s ransom demands are also noticeably high, rumored to be as steep as $50 million in attacks on companies in Northern Africa,” Group-IB wrote in a blog post. “However, their interest is usually aligned with publicly available financial information about the victim, as well as analysis of leaked data that often contains accounts balance details.”

RansomHub has quickly gained a reputation as one a major cyber threat in the last few months: More than one attack per day has been reported by ZeroFox Intelligence in July and August. “They seem to be one of the more successful ransomware attackers,” says Woodward. “Their site often lists their latest victim, but they don’t seem to have done that for Halliburton so I’m wondering if they’re still ‘negotiating’ with Halliburton.”

Woodward, for his part, would advise that Halliburton doesn’t pay up—even if they’ve lost access to highly important data. The principle of paying criminals after being hacked is “contentious,” he says, and ought to prompt “the thorny question of whether it should be made illegal to pay a ransom.”

https://www.fastcompany.com/91183461/ransomhub-ransomware-gang-halliburton?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Creată 4mo | 4 sept. 2024, 16:30:31


Autentifică-te pentru a adăuga comentarii

Alte posturi din acest grup

The L.A. wildfires show how social media has become just another spin room

It’s hard to remember now, as you scroll through a thicket of porn bots, anti-trans activists, and AI slop

10 ian. 2025, 12:50:06 | Fast company - tech
These AI applications are aiding—not replacing—human creatives

There’s been plenty of speculation about whether generative AI could replace—or perh

10 ian. 2025, 12:50:06 | Fast company - tech
What does Meta’s Oversight Board even do?

When Meta established its Oversight Board to adjudicate on decisions it made about removing content from its platforms in 2020, the goal was for the select group of individuals from the media, civ

10 ian. 2025, 10:40:03 | Fast company - tech
6 years ago, Elon Musk offered help during wildfires. This time he blamed DEI

When a devastating wildfire hit California in November 2018, a powerful CEO went on Twitter to ask how his company could help. That

10 ian. 2025, 01:20:06 | Fast company - tech
Sony PlayStation is adding smell—yes, you read that right—to its games

Sony has unveiled a new gaming system that could allow PlayStation players to sniff their way through games like The Last of Us.

Unveiled at CES 2025, the Future Immersive Enter

9 ian. 2025, 20:40:08 | Fast company - tech
Dell’s new PC names are boring—and a smart move

There are surely many reasons that the parents of tech icon Michael Dell di

9 ian. 2025, 20:40:08 | Fast company - tech