Emulating The Relentless RansomHub Ransomware
Security Boulevard, Thursday, March 6th, 2025
AttackIQ has released a new attack graph emulating the behaviors exhibited by RansomHub ransomware since its emergence in February 2024. This sophisticated ransomware employs double-extortion techniques and shares notable similarities with Knight ransomware.
RansomHub is a Ransomware-as-a-Service (RaaS) operation that emerged in early 2024, targeting organizations worldwide. Like many ransomware families, it follows a double-extortion model, encrypting victims' data while also stealing sensitive information to pressure them into paying a ransom. The encryptor is developed using either C++ or Go, with multiple versions designed to target various systems, including Windows, Linux, and ESXi servers. A distinctive characteristic of RansomHub is that its binary requires a password to execute and encrypt files, making sample analysis more challenging for researchers.