ransomhouse
Ransomware group profile
71Victims
RussiaSource country
79Impact score
Also Known As
Jolly Scorpius
Description
RansomHouse is a cybercriminal organization that specializes in data extortion through ransomware attacks, primarily targeting organizations with unpatched vulnerabilities. They employ double extortion tactics, encrypting data while threatening to leak it if ransom demands are not met. As a Ransomware-as-a-Service group, they have gained notoriety for their sophisticated phishing campaigns and exploitation of critical network weaknesses.
Key insights
- •Employs double extortion tactics by encrypting files and threatening to leak sensitive data.
- •Specializes in exploiting unpatched vulnerabilities and deploying advanced social engineering techniques.
- •Utilizes Ransomware-as-a-Service (RaaS) model to scale operations and tailor attacks to victims.
- •Targets various sectors, including healthcare and retail, with a focus on organizations with weak cybersecurity measures.
- •Utilizes tools like MrAgent and Mario ESXi for ransomware deployment and execution.
- •Recent activities indicate a shift towards targeting smaller, less-prepared organizations.
- •Ransom demands are typically paid in cryptocurrency to maintain anonymity.
Threat Level & Status Breakdown
For ransomhouse · Based on incidents in selected period
2.2threat level
Aggressiveness6/ 10
Lethality0/ 10
Criticality0.5/ 10
Status Breakdown
Claimed100.0%71
First seenJul 2025
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 25, 2026
Recent activity
Monthly attack count for ransomhouse in the selected period
71Total attacks
18peak in Oct
5.9avg / month
↑ 2 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for ransomhouse
- 50520639cf77df0c15cc95076fac901e3d04b708
- 5bef7608d66112315eefff354dae42f49178b7498f994a728ae6203a8a59f5a2
- bfc9b956818efe008c2dbf621244b6dc3de8319e89b9fa83c9e412ce70f82f2c
- bf80c96089d37b8571b5de7cab14dd9f
- 907ddb26b0dc6ed70dfb7bfedf3e7e6f6b548aea0a5b568f1f38c007204e79f6
- d6d6174ec5370d8ffa8a163863544d52501813dc
- 26b3c1269064ba1bf2bfdcf2d3d069e939f0e54fc4189e5a5263a49e17872f2a
- 7e35c5a7ff185dbff35e05fa91385cbf
- ea6adefdd2be00d0c7072a9abe188ba9b0c9a75fa57f13a654caeaaf4c3f5fbc
- a97a28276e4f88134561d938f60db495
- d36afcfe1ae2c3e6669878e6f9310a04fb6c8af525d17c4ffa8b510459d7dd4d
- 01735bb47a933ae9ec470e6be737d8f646a8ec66
- 518544e56e8ccee401ffa1b0a01a10ce23e49ec21ec441c6c7c3951b01c1b19c
- 2c89a18944d3a895bd6432415546635e
- e078778b62796bab2d7ab2b04d6b01bf
- b9e4784fa0e6283ce6e2094426a02fce
- 3751997cfcb038e6b658e9180bc7cce28a3c25dbb892b661bcd1065723f11f7e
- 6e39063ca953f46f1d2fe50e9934aac4d0f08855b7b6b8d8996e7790da4e2d06
- ade84908dde9e1fbed35f643b210a6e2ade1f7c7
- 60d4ed7b689f3019ed1c7d7c1a9fb4f3dd044cd20a9cb51ef0c53ed66a4f6a75
- b379d8f583112cad3cf60f95ab3a67fd
- 0fe7fcc66726f8f2daed29b807d1da3c531ec004925625855f8889950d0d24d8
- 10f312b172391840a62cbb8837e8d89ff4f144e05ff9b97876f2fea45ca3e7bc
- a90103beef6b85e3874c1b79ad22f9323a7514a8162b03e465fc45a36c69356f
- cad891ffdea6cdcf1fbe84ce490015f0a56b8cef7f386bc07c12adc67d6ecaaa
- 0dcbb7c7af77efd4a2b39f2303806fcd
- b27ff24870d93d651ee1d8e06276fa98
- b1221000f43734436ec8022caaa34b133f4581ca3ae8eccd8d57ea62573f301d
- 8023d01ffb7a38b582f0d598afb974ee
- 94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73
- c0ec15e08b4fb3730c5695fb7b4a6b85f7fe341282ad469e4e141c40ead310c3
- 0a77e537c64336f97a04020e59d17d09d459d1626a075878e2b796d1e1033038
- ba4d58f2c5903776fe47c92a0ec3297cc7b9c8fa16b3bf5f40b46242e7092b46
- bab3c87cac6db1700f0a0babaa31f5cd544961d1b9ec03fd8bcdeff837fc9755
- 905b18d5df58dd6c16930e318d9574a2ad793ec993ad2f68bca813574e3d854b
- 5724d76f832ce8061f74b0e9f1dcad90
- 6f53f99b0a19150d53244d691dd04e80
- c3804d1329b55a37bfa2f835e1e9bbc7bdb2b260f8e3627c06e02c9f52685d44
- 6bb0c60195d90b032a3488b50a38a797dfcf9104
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for ransomhouse
Other
T1486
T1486
T1490
T1490
T1078
T1078
T1059
T1059
T1021
T1021
T1562
T1562
T1547
T1547
T1021.001
T1021.001
T1080
T1080
T1003
T1003
Victims(71)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| [DISCLOSED]Karl Chevrolet | — | — | — | Claimed | 3 days ago | |
| Prince George County | princegeorgecountyva.gov | US United States | Government & Defense | Claimed | 8 days ago | |
| Promepla | promepla.com | AR Argentina | Manufacturing | Claimed | 9 days ago | |
| Ma Pak Leung Company Limited | mapakleung.com | HK Hong Kong | Other | Claimed | 17 days ago | |
| Aegle Aviation | aegleaviation.com | IN India | Transportation | Claimed | 17 days ago | |
| Karl Chevrolet | — | US United States | Retail & E-Commerce | Claimed | about 2 months ago | |
| Cybersecurity Vendor | — | NA Namibia | Technology | Claimed | about 2 months ago | |
| Star Energy Geothermal Salak | starenergy.co.id | ID Indonesia | Energy & Utilities | Claimed | 2 months ago | |
| Jiangsu Zenergy Battery Technologies Group Co., Ltd. | zenergy.cn | CN China | Energy & Utilities | Claimed | 2 months ago | |
| Winnitex (Americas) Limited | winnitex.com | US United States | Manufacturing | Claimed | 2 months ago | |
| Trellix (McAfee & FireEye) | trellix.com | US United States | Technology | Claimed | about 2 months ago | |
| Transaction Packing Inc | transactionpacking.com | US United States | Transportation | Claimed | 2 months ago | |
| [DISCLOSED]Accelerated Services | — | — | — | Claimed | 3 months ago | |
| [DISCLOSED]Bioptik Technology | — | TW Taiwan | Technology | Claimed | 3 months ago | |
| [DISCLOSED] Irec Sas | — | FR France | Hospitality | Claimed | 3 months ago | |
| E&S Heating & Ventilation Ltd | — | — | — | Claimed | 3 months ago | |
| J & N Stone | — | US United States | Manufacturing | Claimed | 3 months ago | |
| Irec Sas | irec.fr | FR France | Hospitality | Claimed | 3 months ago | |
| Bioptik Technology | bioptik.com.tw | TW Taiwan | Technology | Claimed | 4 months ago | |
| Neinver | neinver.com | ES Spain | Hospitality | Claimed | 4 months ago |
Page 1 of 4
Affected countries(59)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇷Argentina🇦🇹Austria🇦🇺AustraliaAruba🇦🇿Azerbaijan🇧🇪Belgium🇧🇬Bulgaria🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇳China🇨🇴Colombia🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇩🇴Dominican Republic🇩🇿Algeria🇪🇬Egypt🇪🇸Spain🇫🇮Finland🇫🇷France🇬🇧United Kingdom🇬🇷Greece🇭🇰Hong Kong🇭🇳Honduras🇭🇺Hungary🇮🇩Indonesia🇮🇱Israel🇮🇳India🇮🇹Italy🇯🇵Japan🇰🇳Saint Kitts and NevisKorea, Republic of🇲🇨Monaco🇲🇹Malta🇲🇻Maldives🇲🇽Mexico🇲🇾Malaysia🇳🇱Netherlands🇵🇭Philippines🇵🇰PakistanPuerto Rico🇵🇹Portugal🇵🇾Paraguay🇷🇸SerbiaRussian Federation🇸🇦Saudi Arabia🇸🇪Sweden🇸🇬Singapore🇹🇭Thailand🇹🇷TurkeyTaiwan, Province of China🇺🇸United States🇺🇾Uruguay🇺🇿UzbekistanVenezuela, Bolivarian Republic of🇻🇺Vanuatu🇿🇦South Africa