Advisoryseverity: High2024-08-29
FBI/CISA/MS-ISAC/HHS joint advisory on RansomHub (AA24-242A)
published by CISA
Actor
Russian-speaking ransomware-as-a-service operation announced via RAMP forum on 2 February 2024 by a user 'koley', widely assessed as the primary destination for displaced ALPHV/BlackCat and LockBit a…
Summary
FBI, CISA, MS-ISAC, and HHS released joint cybersecurity advisory AA24-242A disseminating RansomHub indicators of compromise and TTPs identified through FBI threat-response activities and third-party reporting through August 2024. The advisory followed RansomHub's emergence in February 2024 as the destination for displaced ALPHV/BlackCat and LockBit affiliates, by which point the brand had become the most prolific ransomware operation on public leak-site tracking.
Tags
ransomwarejoint-advisoryttps