A threat actor conducted a multi-day intrusion starting with a password spray attack on an exposed RDP server, followed by credential harvesting using Mimikatz and Nirsoft tools, extensive network discovery, data exfiltration via Rclone over SFTP, and finally deploying RansomHub ransomware across the network using SMB and remote services. The incident featured lateral movement using legitimate tools like Atera and Splashtop for persistence and exhibited advanced evasion tactics including clearing shadow copies and event logs. #RansomHub #Mimikatz #Rclone #Atera #Splashtop #RDPPasswordSpray
Search Results for: ransomhub
Ransomware attacks are evolving, increasingly utilizing affiliate models with initial access brokers, notably using the SocGholish malware. This loader delivers dangerous payloads, leading to RansomHub
eSentireâs Threat Response Unit (TRU) has identified a sophisticated cyberattack utilizing SocGholish malware to collect system information and deploy a Python-based backdoor linked to the
ESET researchers examine the ransomware landscape in 2024, highlighting the emergence of RansomHub, a prominent ransomware-as-a-service (RaaS) group linked to established gangs like Play, Medusa,
This article discusses a range of exploits and malware variants associated with RansomHub, Betruger, and various other threats. Notably, it highlights multiple hashes identified as
RansomHub, a ransomware-as-a-service variant, poses a significant threat to critical sectors like healthcare, transportation, and water systems. It employs a double-extortion model by encrypting data
GuidePoint Security identified a Python-based backdoor used by a threat actor to maintain access to compromised systems and deploy RansomHub encryptors across the network. The
