Source URL: https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/
Source: The Register
Title: How cops taking down LockBit, ALPHV led to RansomHub’s meteoric rise
Feedly Summary: Cut off one head, two more grow back in its place
RansomHub, the ransomware collective that emerged earlier this year, quickly gained momentum, outpacing its criminal colleagues and hitting its victims especially hard. The group named and shamed hundreds of organizations on its leak site, while demanding exorbitant payments across various industries.…
AI Summary and Description: Yes
**Summary:** RansomHub, a newly emerged ransomware group, has rapidly become a significant threat in the cybercrime landscape by utilizing a favorable affiliate payout model and adopting tactics from previous gangs. Its meteoric rise has drawn the attention of law enforcement agencies and raised concerns about its long-term sustainability amidst intense scrutiny and competition from rival collectives.
**Detailed Description:**
– RansomHub is a ransomware collective that has quickly established itself as a leading threat, reportedly claiming 210 victims within just six months of inception.
– It appears to be a rebranding of the Knight group and has attracted affiliates from the now-defunct LockBit and ALPHV/BlackCat ransomware groups.
– Key features of RansomHub’s operation include:
    – **High Affiliate Payouts:** The group offers a 90-10 split, which incentivizes affiliates as they can retain 90% of the ransom payments, compared to more common splits of 80-20 or 70-30.
    – **Rapid Growth:** RansomHub’s share of Ransomware and Data Exfiltration (R&DE) incidents has significantly increased, from about 2% in Q1 to around 20% in Q4 of 2024.
    – **Innovative Recruitment Tactics:** The collective actively reaches out to potential affiliates and promotes transparency to establish trust.
    – **Use of Established Techniques:** While their tactics may not be unique, their efficiency in executing attacks has positioned them as a formidable player in the criminal landscape.
– Security experts note that RansomHub’s rise coincides with geopolitical events, particularly the upcoming US presidential election, which may make organizations more susceptible to ransomware breaches.
– The collective has managed to attract experienced affiliates, which could further enhance its operational capabilities and threat level.
– The report by ZeroFox indicates that RansomHub’s rapid exposure of its victims could eventually lead to its downfall as law enforcement agencies mobilize against it.
As security professionals monitor this evolving situation, it is clear that RansomHub represents a new chapter in the ransomware landscape, capitalizing on affiliate-driven models and market opportunities while facing intense scrutiny that could jeopardize its longevity. The potential for other groups to emerge and fill any void left behind adds further complexity to the threat landscape in 2025.