ransomhouse Ransomware Group
Ransomware group profile
Description
RansomHouse is a cybercriminal organization that specializes in data extortion through ransomware attacks, primarily targeting organizations with unpatched vulnerabilities. They employ double extortion tactics, encrypting data while threatening to leak it if ransom demands are not met. As a Ransomware-as-a-Service group, they have gained notoriety for their sophisticated phishing campaigns and exploitation of critical network weaknesses.
Key insights
- •Employs double extortion tactics by encrypting files and threatening to leak sensitive data.
- •Specializes in exploiting unpatched vulnerabilities and deploying advanced social engineering techniques.
- •Utilizes Ransomware-as-a-Service (RaaS) model to scale operations and tailor attacks to victims.
- •Targets various sectors, including healthcare and retail, with a focus on organizations with weak cybersecurity measures.
- •Utilizes tools like MrAgent and Mario ESXi for ransomware deployment and execution.
- •Recent activities indicate a shift towards targeting smaller, less-prepared organizations.
- •Ransom demands are typically paid in cryptocurrency to maintain anonymity.
Threat Level & Status Breakdown
For ransomhouse · Based on incidents in selected period
Recent activity
Monthly attack count for ransomhouse in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for ransomhouse
- 50520639cf77df0c15cc95076fac901e3d04b708
- 5bef7608d66112315eefff354dae42f49178b7498f994a728ae6203a8a59f5a2
- bfc9b956818efe008c2dbf621244b6dc3de8319e89b9fa83c9e412ce70f82f2c
- bf80c96089d37b8571b5de7cab14dd9f
- d6d6174ec5370d8ffa8a163863544d52501813dc
- 26b3c1269064ba1bf2bfdcf2d3d069e939f0e54fc4189e5a5263a49e17872f2a
- 7e35c5a7ff185dbff35e05fa91385cbf
- ea6adefdd2be00d0c7072a9abe188ba9b0c9a75fa57f13a654caeaaf4c3f5fbc
- a97a28276e4f88134561d938f60db495
- d36afcfe1ae2c3e6669878e6f9310a04fb6c8af525d17c4ffa8b510459d7dd4d
- 01735bb47a933ae9ec470e6be737d8f646a8ec66
- 518544e56e8ccee401ffa1b0a01a10ce23e49ec21ec441c6c7c3951b01c1b19c
- 2c89a18944d3a895bd6432415546635e
- e078778b62796bab2d7ab2b04d6b01bf
- b9e4784fa0e6283ce6e2094426a02fce
- 3751997cfcb038e6b658e9180bc7cce28a3c25dbb892b661bcd1065723f11f7e
- 6e39063ca953f46f1d2fe50e9934aac4d0f08855b7b6b8d8996e7790da4e2d06
- ade84908dde9e1fbed35f643b210a6e2ade1f7c7
- b379d8f583112cad3cf60f95ab3a67fd
- 0fe7fcc66726f8f2daed29b807d1da3c531ec004925625855f8889950d0d24d8
- 0dcbb7c7af77efd4a2b39f2303806fcd
- b27ff24870d93d651ee1d8e06276fa98
- b1221000f43734436ec8022caaa34b133f4581ca3ae8eccd8d57ea62573f301d
- eae09889399fe4fb8e78b114dba0527de913d12fb1802944a88ed136e3e90577
- 8023d01ffb7a38b582f0d598afb974ee
- 94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73
- c0ec15e08b4fb3730c5695fb7b4a6b85f7fe341282ad469e4e141c40ead310c3
- 0a77e537c64336f97a04020e59d17d09d459d1626a075878e2b796d1e1033038
- ba4d58f2c5903776fe47c92a0ec3297cc7b9c8fa16b3bf5f40b46242e7092b46
- bab3c87cac6db1700f0a0babaa31f5cd544961d1b9ec03fd8bcdeff837fc9755
- 905b18d5df58dd6c16930e318d9574a2ad793ec993ad2f68bca813574e3d854b
- 5724d76f832ce8061f74b0e9f1dcad90
- 6f53f99b0a19150d53244d691dd04e80
- c3804d1329b55a37bfa2f835e1e9bbc7bdb2b260f8e3627c06e02c9f52685d44
- 6bb0c60195d90b032a3488b50a38a797dfcf9104
- a638fd203ddb540d0484d8e00490df06
- e06520c65bf27d9110d68ecc0de0e0824c3a99be080ead1a5b5be8fd2a26d12d
- 5995aaff5a047565c0d7fe3c80fa354c40e7e8c3e7d4df292316c8472d4ac67a
- afe398e95a75beb4b0508c1bbf7268e8607d03776af0b68386d1e2058b374501
- e1de05a2832437ab70d36c4c05b43c4a57f856289224bbd41182deea978400ed
- 0f11aeecbde1f355d26c9d406dad80cb0ae8536aea31fdddaf915d4afd434f3f
- df72a87f9cbeb9e659f1a833c256a76650d91f28
- a3dbcc9d4e1dd523f2848689f7e0753465de6188cfac4d3a52389ab1ec3db836
- 2809e15a3a54484e042fe65fffd17409
- 98380ec6bf4e03d3ff490cdc6c48c37714450930e4adf82e6e14d244d8373888
- 2c1a4fe4a2ac4f0a49052f9521458136eb477fe23665dc4b7076fbd32de3005d
- e1c371c7c39c16d208bcbaa5b5d0714df696e6ef68b95a880673a904527c8b96
- 7d100a7028f7c3e398602bba56e1dc0a5550e730
- e9b209606646f98d65dc4c95534eb01aecb087c9
- 4a8f0331abaf8f629b3c8220f0d55339cfa30223
- 09eb513f284771461bcdc16ee28d31ce8bbe74e0
- 6e01ef1367ea81994578526b3bd331d6
- 4d97497247e65144814d99eb0dab77d39f4863058dd1109637d5be39be082c57
- e7622d983d22e749b3658600df00296d
- e79984ea02b2049b1e74452013529da5
- f58cf55b944f5942f1d120d95140b800
- 7eec7d07587112777016e5742c0d002d7e64a3e1fe7bde82fed8f65e3663456a
- 7ae38a27494dd6c1bc9ab3c02c3709282e0ebcf1e5fcf59a57dc3ae56cfd13b4
- aac5d83d296df81c9259c9a533a8423a
- 3934b3da6bad0b4a28483e25e7bab919d7ed31f2f51cca22c56535b9f8183a0e
- aba978d4c2d2cab9801979b54065a07cd11eddff
- 3243e04afe18cc5e1230d49011e19899
- 9fd32ffbe2bfe0f1b9bf8c0ebd09697d
- 0a18d66e3f72e21b9a507739dbeb009d017dcfe0
- c6b727d7cff517577db838db18ad17b46334d3c91c2e50893634e56cdc19e41f
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for ransomhouse
T1486
T1486
T1490
T1490
T1078
T1078
T1059
T1059
T1021
T1021
T1562
T1562
T1547
T1547
T1021.001
T1021.001
T1080
T1080
T1003
T1003
Victims(76)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Fidelity Services Group | fidelity-services.com | GB United Kingdom | Financial Services | Claimed | about 21 hours ago | |
| Megawork | megawork.com.br | BR Brazil | Professional Services | Claimed | about 1 hour ago | |
| [DISCLOSED]Prince George County | — | — | — | Claimed | 10 days ago | |
| [EVIDENCE]Prince George County | — | — | — | Claimed | 14 days ago | |
| [DISCLOSED]Karl Chevrolet | — | — | — | Claimed | 24 days ago | |
| Bonacio | bonacio.com | IT Italy | Other | Claimed | 17 days ago | |
| Prince George County | princegeorgecountyva.gov | US United States | Government & Defense | Claimed | 29 days ago | |
| Promepla | promepla.com | AR Argentina | Manufacturing | Claimed | 30 days ago | |
| Ma Pak Leung Company Limited | mapakleung.com | HK Hong Kong | Other | Claimed | about 1 month ago | |
| Aegle Aviation | aegleaviation.com | IN India | Transportation | Claimed | about 1 month ago | |
| Karl Chevrolet | — | US United States | Retail & E-Commerce | Claimed | 3 months ago | |
| Cybersecurity Vendor | — | NA Namibia | Technology | Claimed | 3 months ago | |
| Star Energy Geothermal Salak | starenergy.co.id | ID Indonesia | Energy & Utilities | Claimed | 3 months ago | |
| Jiangsu Zenergy Battery Technologies Group Co., Ltd. | zenergy.cn | CN China | Energy & Utilities | Claimed | 3 months ago | |
| Winnitex (Americas) Limited | winnitex.com | US United States | Manufacturing | Claimed | 3 months ago | |
| Trellix (McAfee & FireEye) | trellix.com | US United States | Technology | Claimed | 2 months ago | |
| Transaction Packing Inc | transactionpacking.com | US United States | Transportation | Claimed | 3 months ago | |
| [DISCLOSED]Accelerated Services | — | — | — | Claimed | 3 months ago | |
| [DISCLOSED]Bioptik Technology | — | TW Taiwan | Technology | Claimed | 3 months ago | |
| [DISCLOSED] Irec Sas | — | FR France | Hospitality | Claimed | 4 months ago |
Page 1 of 4
Affected countries(60)
Countries where this group has been reported to target or leak victims.