Post-ALPHV, LockBit takedown surge of RansomHub examined

Less than a year after its emergence, the RansomHub ransomware-as-a-service operation has already compromised hundreds of organizations, including Rite Aid, Frontier Communications, Christie's, and Planned Parenthood of Montana, after enlisting affiliates of the ALPHV/BlackCat and LockBit ransomware gangs, which had been dismantled earlier this year, according to The Register.

Affiliates of the now-defunct ransomware groups have gravitated toward the nascent Russia-linked RansomHub crew due to its generous payment model that provided a 90% payout for attackers, noted ReliaQuest Senior Vice President of Security Operations Michael McPherson.

"Their actual tactics are not unique, but their ability to move fast and fill a void is what makes them so noteworthy at this moment in time. Or maybe they're just trying to run as hard and fast as they can, because they know they're protected where they are," said McPherson.

RansomHub, which ReliaQuest reported to be the most prolific ransomware gang in the third quarter, is also expected by ZeroFox analysts to pose the most severe cybersecurity threat in the coming year.
