How RansomHub went from zero to 210 victims in six months

RansomHub, a ransomware-as-a-service outfit formed earlier this year, has already victimized over 210 entities across various sectors. Affiliates penetrate systems via phishing emails, password spraying and exploiting known weaknesses. Post intrusion, they deploy an array of tactics including log deletion and ransomware planting. RansomHub’s success is due to its ability to attract skilled former associates of LockBit and ALPHV/BlackCat. The agencies recommend a range of mitigation strategies to combat these diverse tactics.