RansomHub is now the top Ransomware-as-a-Service (RaaS) affiliate program since it hit the ransomware scene in February 2024. RansomHub claimed responsibility for 15% of over 1,000 ransomware breaches that Intel 471 tracked in Q3 2024 — well ahead of Play, LockBit, Meow Team, Akira and Hunters International.
But what’s behind RansomHub’s rapid ascent? RansomHub was one of several emerging RaaS programs that boosted activity in the aftermath of law enforcement dismantling LockBit and ALPHV (aka BlackCat). What tools, talent and techniques did RansomHub adopt from other ransom groups to scale up its operations so quickly? While it built custom ransomware that can target Linux, VMware ESXi hypervisor and Windows, its RaaS management panel also exhibited similarities to a now-defunct ransomware operation.
Join Steve Martin, an Intel 471 Intelligence Fusion Specialist, at our next webinar on 14 November 2024, where he’ll canvas RansomHub’s origin story, the affiliate program’s rise, and what the future holds for this group.
