#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

RansomHub | Breaking Cybersecurity News | The Hacker News

Category — RansomHub
RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

Aug 15, 2024 Ransomware / Cybercrime
A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator . The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in connection with a failed ransomware attack in May 2024. "The EDRKillShifter tool is a 'loader' executable – a delivery mechanism for a legitimate driver that is vulnerable to abuse (also known as a 'bring your own vulnerable driver,' or BYOVD , tool)," security researcher Andreas Klopsch said . "Depending on the threat actor's requirements, it can deliver a variety of different driver payloads." RansomHub , a suspected rebrand of the Knight ransomware, surfaced in February 2024, leveraging known security flaws to obtain initial access and drop legitimate rem
Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

Scattered Spider Adopts RansomHub and Qilin Ransomware for Cyber Attacks

Jul 17, 2024 Cybercrime / Ransomware
The infamous cybercrime group known as Scattered Spider has incorporated ransomware strains such as RansomHub and Qilin into its arsenal, Microsoft has revealed. Scattered Spider is the designation given to a threat actor that's known for its sophisticated social engineering schemes to breach targets and establish persistence for follow-on exploitation and data theft. It also has a history of targeting VMWare ESXi servers and deploying BlackCat ransomware. It shares overlaps with activity clusters tracked by the broader cybersecurity community under the monikers Gold Harvest, 0ktapus, Octo Tempest, and UNC3944. Last month, it was reported that a key member of the group was arrested in Spain. RansomHub, which arrived on the scene earlier this February, has been assessed to be a rebrand of another ransomware strain called Knight, according to an analysis from Broadcom-owned Symantec last month. "RansomHub is a ransomware-as-a-service (RaaS) payload used by more and mor
The New Effective Way to Prevent Account Takeovers

The New Effective Way to Prevent Account Takeovers

Sep 04, 2024SaaS Security / Browser Security
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, " Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them " argues that the browser is the primary battleground where account takeover attacks unfold and, thus, where they should be neutralized. The report also provides effective guidance for mitigating the account takeover risk.  Below are some of the key points raised in the report: The Role of the Browser in Account Takeovers According to the report, the SaaS kill chain takes advantage of the fundamental components that are contained within the browser. For account takeover, these include: Executed Web Pages - Attackers can create phishing login pages or use MiTM over legitimate web pages to harve
Expert Insights / Articles Videos
Cybersecurity Resources