RansomHub is a financially motivated ransomware-as-a-service (RaaS) operation that first emerged in early February 2024, distinguishing itself through an innovative affiliate payment model designed to attract members from disrupted groups. The group is assessed with moderate confidence to be Russian-based or Russian-friendly, as evidenced by its prohibition on attacking Commonwealth of Independent States (CIS) countries, Cuba, North Korea, and China. RansomHub quickly rose to prominence by recruiting former affiliates from high-profile ransomware groups such as ALPHV (BlackCat) and LockBit, offering a 90% share of ransom payments to affiliates, with affiliates managing their own wallets. This structure aimed to address trust issues prevalent in the cybercrime underground following exit scams by other RaaS operations. Security researchers widely believe RansomHub to be a successor or rebrand of the Knight ransomware, also known as Cyclops or Cyclops 2.0, due to significant code similari

Paises afectados

URLs nuevas detectadas en IntelTracker