Ransomhouse

Malware updated 16 hours ago (2024-10-17T13:04:19.612Z)
RansomHouse, active since 2021, is a malware group that identifies itself as a "professional mediators community" and targets organizations that show negligence toward their customers' data privacy and security. The group has claimed significant victims such as chipmaker AMD and Africa's largest retailer, Shoprite. RansomHouse is known for using various ransomware strains available on dark markets rather than maintaining its own signature ransomware. Notably, the group often purchases already-compromised data or collaborates with data leak sites to extort victims.

Recent advisories from CISA and the FBI identified Fox Kitten, an Iranian group, as providing initial access to compromised networks for ransomware operations such as ALPHV (BlackCat), RansomHouse, and NoEscape. More recently, Fox Kitten has been found collaborating directly with these ransomware gangs, including NoEscape, RansomHouse, and ALPHV/BlackCat, in exchange for a percentage of any collected ransom payments. This partnership is a concerning evolution in the threat landscape, as it points to a higher degree of cooperation among different cybercriminal entities.

Analysis by VMware Carbon Black's TAU and MDR-POC teams has revealed notable similarities between RansomHouse and another ransomware group, 8Base. Both groups use similar ransom notes and a variety of ransomware strains, including a variant known as Phobos, and 8Base's writing style on its leak site and public accounts closely resembles RansomHouse's. These findings have raised questions about whether 8Base operates in the same way as RansomHouse, using different ransomware, and whether 8Base might be an offshoot of RansomHouse.
Description last updated: 2024-10-17T12:09:10.953Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias: NoEscape (votes: 2)
Description: NoEscape is a possible alias for Ransomhouse. NoEscape is a malicious software, or malware, known for its ransomware capabilities. It infiltrates systems often undetected via suspicious downloads, emails, or websites, causing significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023,
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Associated Threat Actors
Threat actor: Fox Kitten (association type: Unspecified; votes: 2)
Description: The Fox Kitten Threat Actor is associated with Ransomhouse. Fox Kitten, an Iran-based cyber espionage group active since at least 2017, has been a significant threat actor in the cybersecurity landscape. This group primarily targets VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure for initial access into networks. The FBI identified Fo

Threat actor: AlphV (association type: Unspecified; votes: 2)
Description: The Alphv Threat Actor is associated with Ransomhouse. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its la