RansomHub Breaches Another

By Bogdan Pătru . 3 June 2024

Tech Writer

Fact-Checked this

RansomHub continues its string of attacks, this time targeting the US-based Frontier Communications. According to the original post, the victim has 12 days and 16 hours at their disposal to contact the hackers for negotiations.

As the hackers have mentioned in their announcement, the data leak totals 5 GB, but the contents are unknown
It’s also unclear how large the ransom is or whether Frontier has decided to communicate with the hackers
RansomHub first went public in February of last year and has grown relatively fast since
The organization is also highly controversial in the ransomware space, with many arguing whether it’s legitimate or not

RansomHub’s inception was standard for a newcomer ransomware actor. The gang announced itself in February 2023 and became active almost immediately. Nothing out of the ordinary so far. What followed was, though.

It all started with Notchy’s hit against Change Healthcare. The hacker managed to breach the corporation by relying on compromised Citrix credentials. What followed was nothing short of devastating for the high-value company.

Notchy deployed the ALPHV ransomware and managed to leak around 6 TB of data. According to Change Healthcare, the company needed several months to restore its systems and lost approximately $860 million in the process.

X showing the RansomHub attack on Frontier Communications — https://x.com/FalconFeedsio/status/1797176327965180307

Not only that, but they had to pay Notchy $22 million in ransom money and underwent 2 congressional testimonies. The latter was related to Change Healthcare missing its multi-factor authentication system that would’ve prevented the breach.

The issue was that the $22 million went to ALPHV’s account, which had Notchy as an affiliate. So far, so good. The problem is that ALPHV was supposed to pay Notchy 80% of that sum for the breach, but they never did. Instead, they took the money and ran.

So, how does this relate to RansomHub?

RansomHub’s Controversial Image

While RansomHub was already active for a couple of months when all this took place, what happened next was unexpected to say the least. ALPHV was out with the $22 million, so nobody knew what would come of it.

But then RansomHub contacted Change Healthcare and tried to extort them for the same data that ALPHV had stolen. The gang also leaked some of it on a hacker forum to prove it had it. This coincided with RansomHub opening a new leak website.

One which resembled that of ALPHV greatly.

This led people to suspect that RansomHub may have merged with ALPHV or that former ALPHV members may have passed the Change Healthcare data to RansomHub. Theories abound, but nothing is for certain.

What is certain is that RansomHub appears to be a legitimate ransomware gang. Whether it is affiliated with ALPHV in any capacity or not is to be discovered.

It’s important to note that RansomHub also operates as a RaaS and that it pays its affiliates 90% of the ransom money. The gang also appears to have a well-defined system of conduct, refraining from targeting specific countries.

It also has an internal regulation that prohibits its affiliates from hitting paying targets again. These features paint RansomHub as an innovative organization with a busy future ahead of it.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Author, Creative Writer, and Tech-Geek Bogdan has followed his passion for the digital world ever since he got his hands on his first PC. After years of accumulating knowledge and experience, the good Samaritan in him whispered to him one day about the virtue of sharing that knowledge with those who needed it. It was in 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

RansomHub’s Controversial Image

Our Mission

Bogdan Pătru

Leave a Comment Cancel