RansomHub Breaches Another

By Bogdan Pătru, 3 June 2024. Fact-checked by Miklos Zoltan.

RansomHub continues its string of attacks, this time targeting the US-based Frontier Communications. According to the original post, the victim has 12 days and 16 hours at their disposal to contact the hackers for negotiations.

  • As the hackers have mentioned in their announcement, the data leak totals 5 GB, but the contents are unknown
  • It’s also unclear how large the ransom is or whether Frontier has decided to communicate with the hackers
  • RansomHub first went public in February of last year and has grown relatively fast since
  • The organization is also highly controversial in the ransomware space, with many arguing whether it’s legitimate or not

RansomHub’s inception was standard for a newcomer ransomware actor. The gang announced itself in February 2023 and became active almost immediately. Nothing out of the ordinary so far; what followed, however, was.

It all started with Notchy’s hit against Change Healthcare. The hacker managed to breach the corporation by relying on compromised Citrix credentials. What followed was nothing short of devastating for the high-value company.

Notchy deployed the ALPHV ransomware and managed to leak around 6 TB of data. According to Change Healthcare, the company needed several months to restore its systems and lost approximately $860 million in the process.

[Image: X post showing the RansomHub attack on Frontier Communications]

Not only that, but the company had to pay Notchy $22 million in ransom and testified twice before Congress. The latter was prompted by Change Healthcare lacking the multi-factor authentication that would have prevented the breach.

The issue was that the $22 million went to ALPHV’s account, which had Notchy as an affiliate. So far, so good. The problem is that ALPHV was supposed to pay Notchy 80% of that sum for the breach, but they never did. Instead, they took the money and ran.

So, how does this relate to RansomHub?

RansomHub’s Controversial Image

While RansomHub had already been active for a couple of months when all this took place, what happened next was unexpected, to say the least. ALPHV had walked away with the $22 million, so nobody knew what would come of it.

But then RansomHub contacted Change Healthcare and tried to extort them for the same data that ALPHV had stolen. The gang also leaked some of it on a hacker forum to prove it had it. This coincided with RansomHub opening a new leak website, one that closely resembled ALPHV’s.

This led people to suspect that RansomHub may have merged with ALPHV or that former ALPHV members may have passed the Change Healthcare data to RansomHub. Theories abound, but nothing is for certain.

What is certain is that RansomHub appears to be a legitimate ransomware gang. Whether it is affiliated with ALPHV in any capacity remains to be seen.

It’s important to note that RansomHub also operates as a RaaS and that it pays its affiliates 90% of the ransom money. The gang also appears to have a well-defined code of conduct, refraining from targeting specific countries.

It also has an internal rule that prohibits its affiliates from attacking victims that have already paid. These features paint RansomHub as an innovative organization with a busy future ahead of it.
