Washington DC: On September 1, 2024, the FBI and CISA issued a critical warning about a rising ransomware threat from a new group named "RansomHub." Since February 2024, this group has targeted over 210 organizations across sectors like healthcare, finance, and government services, using the ransomware-as-a-service (RaaS) model.
A Growing Cyber Threat
RansomHub has quickly gained notoriety, incorporating members from groups like ALPHV and LockBit. The group uses double extortion tactics, encrypting and exfiltrating data, threatening public exposure to force ransom payments. Unlike ALPHV, RansomHub’s malware is written in GoLang, reflecting the evolving tactics of cybercriminals.
Notable Attacks
RansomHub has attacked major organizations such as UnitedHealth Group and Halliburton. Victims receive ransom notes directing them to dark web addresses for payment instructions, with deadlines ranging from three to 90 days before data is publicly leaked.
Immediate Protective Measures
The FBI recommends immediate actions to strengthen cybersecurity:
Install Updates Promptly: Keep all systems and software updated to prevent exploitation.
Implement Phishing-Resistant MFA: Use multi-factor authentication that resists phishing, avoiding SMS-based methods.
Phishing Awareness Training: Regularly educate users to identify and report phishing attempts.
Password Security Best Practices
Use Strong, Unique Passwords: Between 8 and 64 characters, avoiding reuse across accounts.
Store Passwords Securely: Utilize a password manager and add salts to shared credentials.
Avoid Frequent Password Changes: Focus on robust, long-term passwords instead.
Enforce Account Lockouts: Implement lockout policies that take effect after multiple failed login attempts.
Require Admin-Level Passwords for Software Installation: Prevent unauthorized software installations.
The rise of RansomHub highlights the need for robust cybersecurity defences. By following these recommendations, organizations can better protect themselves from the growing ransomware threat.