Emergent RansomHub ransomware — which was leveraged in attacks against Change Healthcare, Frontier Communications, and Christie's auction house — was discovered by Symantec researchers to be an evolved iteration of the Knight ransomware, also known as Cyclops 2.0, reports The Hacker News.Only a new "sleep" option within the command-line help menu and distinct commands executed by cmd.exe differentiated RansomHub from Knight ransomware, both of which were based on the Go programming language and had the same obfuscation approach, ransom notes, and safe mode restarts prior to encryption, according to the Symantec report.The findings also showed that both Notchy and Scattered Spider, which were previously affiliated with the ALPHV/BlackCat ransomware operation, have entered a partnership with RansomHub, echoing a recent report from Mandiant."The speed at which RansomHub has established its business suggests that the group may consist of veteran operators with experience and contacts in the cyber underground," said researchers.
Ransomware, Threat Intelligence
RansomHub ransomware’s origins uncovered

Credit: Adobe Stock Images
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



