Ransomhouse

RansomHouse is a malicious software (malware) that has been active since 2021 and describes itself as a “professional mediators community” targeting organizations with lax attitudes towards customer data privacy and security. The malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. Recent victims claimed by RansomHouse include chipmaker AMD and Africa's largest retailer, Shoprite. Interestingly, RansomHouse does not use its own signature ransomware but relies on a wide variety of ransomware available on dark markets. The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have recently identified Fox Kitten as a group providing initial access to compromised networks to operators of ransomware strains such as ALPHV (or BlackCat), RansomHouse, and NoEscape in return for a share of any ransom collected. Further investigations revealed Fox Kitten’s direct collaboration with these ransomware gangs, including RansomHouse, in executing ransomware attacks. This collaboration involves exchanging a percentage of the ransom payments. RansomHouse has also been linked to the cybercriminal group 8Base. Both groups exhibit similar communication styles and ransom notes, suggesting a potential connection. Analysis conducted by VMware Carbon Black’s Threat Analysis Unit (TAU) and Managed Detection Response Proof of Concept (MDR-POC) teams showed statistical similarities between RansomHouse, 8Base, and another group known as Phobos. There are indications that 8Base might be an offshoot of RansomHouse, adopting other ransom group codes and Tactics, Techniques, and Procedures (TTP) standards. However, this relationship remains unconfirmed. Despite these uncertainties, it is clear that RansomHouse poses a significant threat to data security worldwide.