Ransomhouse

Malware updated 22 days ago (2024-11-29T13:56:10.844Z)
Download STIX
Preview STIX
RansomHouse is a malicious software (malware) that has been active since 2021 and describes itself as a “professional mediators community” targeting organizations with lax attitudes towards customer data privacy and security. The malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. Recent victims claimed by RansomHouse include chipmaker AMD and Africa's largest retailer, Shoprite. Interestingly, RansomHouse does not use its own signature ransomware but relies on a wide variety of ransomware available on dark markets. The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have recently identified Fox Kitten as a group providing initial access to compromised networks to operators of ransomware strains such as ALPHV (or BlackCat), RansomHouse, and NoEscape in return for a share of any ransom collected. Further investigations revealed Fox Kitten’s direct collaboration with these ransomware gangs, including RansomHouse, in executing ransomware attacks. This collaboration involves exchanging a percentage of the ransom payments. RansomHouse has also been linked to the cybercriminal group 8Base. Both groups exhibit similar communication styles and ransom notes, suggesting a potential connection. Analysis conducted by VMware Carbon Black’s Threat Analysis Unit (TAU) and Managed Detection Response Proof of Concept (MDR-POC) teams showed statistical similarities between RansomHouse, 8Base, and another group known as Phobos. There are indications that 8Base might be an offshoot of RansomHouse, adopting other ransom group codes and Tactics, Techniques, and Procedures (TTP) standards. However, this relationship remains unconfirmed. Despite these uncertainties, it is clear that RansomHouse poses a significant threat to data security worldwide.
Description last updated: 2024-10-31T02:01:50.739Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
NoEscape is a possible alias for Ransomhouse. NoEscape is a malicious software, or malware, known for its ransomware capabilities. It infiltrates systems often undetected via suspicious downloads, emails, or websites, causing significant harm by stealing personal data, disrupting operations, and holding data hostage for ransom. In October 2023,
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Fox Kitten Threat Actor is associated with Ransomhouse. Fox Kitten, an Iran-based cyber espionage group active since at least 2017, has been a significant threat actor in the cybersecurity landscape. This group primarily targets VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure for initial access into networks. The FBI identified FoUnspecified
2
The Alphv Threat Actor is associated with Ransomhouse. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient pUnspecified
2