The US Federal Bureau of Investigation (FBI) has announced that RansomHub ransomware has compromised more than 200 victims since its emergence in February 2024. This ransomware-as-a-service (RaaS) group, formerly known as Cyclops and Knight, has targeted a wide range of critical infrastructure sectors across the United States.
Recent high-profile breaches attributed to RansomHub include attacks on Patelco Credit Union, Rite Aid pharmacy chain, Christie’s auction house, and Frontier Communications. Frontier Communications subsequently reported a data breach affecting the personal information of over 750,000 customers. These incidents highlight the group’s reach and the significant risks posed by its operations.
In response to these threats, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Department of Health and Human Services (HHS), has released a joint Cybersecurity Advisory titled “#StopRansomware: RansomHub Ransomware.”
This advisory, updated with information from investigations and third-party reporting up to August 2024, provides crucial indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs) related to RansomHub’s activities.
RansomHub victims number at least 210
The advisory reveals that RansomHub has emerged as a potent RaaS model, attracting affiliates from other significant ransomware groups such as LockBit and ALPHV. It reports that the group has encrypted and exfiltrated data from at least 210 victims across numerous sectors. These include water and wastewater, government services, food and agriculture, healthcare, emergency services and financial services.
CISA’s advisory outlines essential mitigation strategies for network defenders, including addressing known vulnerabilities, using strong passwords and multifactor authentication (MFA), keeping software updated, and conducting regular vulnerability assessments. It also recommends reviewing CISA’s Cross-Sector Cybersecurity Performance Goals for additional protections and guidance on ransomware prevention and response.
Additionally, CISA advises software manufacturers to improve security outcomes by adopting secure-by-design principles.
The advisory explicitly cautions against paying ransoms, noting that such payments do not guarantee file recovery and may encourage further ransomware attacks and other criminal activities.
CNI increasingly vulnerable to ransomware
Patelco Credit Union, a member-owned, not-for-profit financial institution based in Northern California, is among the latest victims of a significant data breach. The ransomware attack perpetrated by the RansomHub group has impacted approximately 726,000 individuals, compromising a range of sensitive customer information. The stolen data includes full names, Social Security numbers, driver’s licence numbers, dates of birth, and email addresses.
A recent report from cybersecurity firm KnowBe4 has highlighted a sharp rise in cyberattacks against critical national infrastructure. The report reveals a 30% increase in such attacks this year, with the US power grid identified as particularly vulnerable. The number of weak points in the power grid network is growing at a rate of 60 per day, escalating from 21,000 in 2022 to an estimated 23,000-24,000 currently.
Globally, the report reveals that the average number of weekly cyberattacks against utilities has quadrupled since 2020, with a notable doubling of incidents occurring in the past year alone. Between January 2023 and January 2024, critical infrastructure worldwide experienced over 420 million attacks, averaging approximately 13 attacks per second.
Reported by Swagath Bandhakavi
Read more: UK government publishes new cybersecurity guidelines for businesses
