US Agencies Alert On RansomHub’s Expanding Threat

Table of Contents

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released an advisory about RansomHub, a group that became well-known after it stole data from UnitedHealth Group in April.1 Since February, over 210 organizations have been hit by Ransomware attacks from the RansomHub group.2 

The advisory’s findings include how RansomHub operates, and which sectors are hit the hardest. With such a huge impact, organizations need to know how they’re being attacked and what they can do to stay safe. 

RansomHub’s Rising Influence & Its Impact on Key Sectors

The advisory mentions that RansomHub has been targeting victims in many areas, such as water, IT, healthcare, emergency services, agriculture, finance, manufacturing, transportation, communications, and government.

RansomHub’s rise came after two major Ransomware groups, LockBit and AlphV, were taken down. The advisory states that RansomHub is now drawing in key members from both of these groups.

The UnitedHealth Group attack, which affected personally identifiable information (PII) or protected health information (PHI) covering a “substantial proportion of people in America,” was carried out by hackers working for AlphV. After AlphV was shut down, these hackers moved to RansomHub, which sold the stolen data.

Since then, RansomHub has become a major player in Ransomware. They claimed responsibility for attacks on major companies and institutions like telecom giant Frontier, Rite Aid, British auction house Christie’s, the city of Columbus, Ohio, and one of the oldest credit unions in the U.S.

The advisory says that RansomHub comes from earlier Ransomware groups called Cyclops (rebranded as Knight) but has now become a very effective and successful operation.

How RansomHub Operates & What Victims Should Know

The findings in the advisory are based on several investigations by CISA, the FBI, and other federal Cybersecurity officials.

The agencies found that RansomHub affiliates first lock up systems and steal data before trying to extort money from victims. Victims usually don’t get a ransom demand; instead, they receive a link to contact the hackers.

According to the advisory, victims have between three and 90 days to pay before their data is published, depending on the affiliate. Most victims are targeted through online systems, phishing emails, or vulnerabilities in their software.

The advisory lists many vulnerabilities that RansomHub exploits, including issues in products from Citrix, Fortinet, Apache, BIG-IP, Microsoft, and Atlassian. The exploits for these vulnerabilities are often bought or stolen. RansomHub affiliates also use remote access software like Anydesk.

As part of government’s crackdowns against Ransomware, all agencies behind the advisory recommend that victims immediately report these incidents. The advisory was released on the same day CISA launched a new cyber incident reporting portal to make it easier to notify authorities. 

How Can Organizations Better Protect Themselves From These Escalating Threats?

Ransomware attacks are becoming more common and sophisticated. Here are some tips to help you defend against these growing threats:

1. Regularly Patch Your Systems & Software

The 2Secure team often advises to apply patches and updates as soon as they become available. According to a Sophos report, 32% of Ransomware attacks started with an unpatched vulnerability. These attacks exploit known vulnerabilities in outdated software, so keeping everything up-to-date helps close off many of these potential entry points.

2. Use Strong Passwords & Multi-Factor Authentication (MFA)

Protect your accounts with strong, unique passwords. Consider using a password manager to keep track of them. Enable multi-factor authentication (MFA) wherever possible. This adds an extra layer of security by requiring a second form of verification in addition to your password.

3. Backup Your Data Separately and Offline

Regularly backup your important data and store it in a secure, separate location and offline. If you get hit by Ransomware, you can restore your files from these backups without paying a ransom. Make sure your backups are also protected with strong security measures.

4. Train Your Team

Train your employees on how to spot phishing emails and other common attack methods. They should be cautious about clicking on links or downloading attachments from unknown sources. Regular training helps prevent accidental infections.

5. Report Incidents Promptly

As advised by CISA and other government agencies, if you do experience a Ransomware attack, report it to the relevant government agency. They can offer support, help you understand the situation better, and assist you in dealing with such attacks. 

6. Seek Expert Help

If you’re unsure about your current security measures or need assistance, ask for help from Cybersecurity experts. They can set an endpoint detection and response (EDR) plan if a Ransomware attack does occur. This should include containing the attack, communicating with stakeholders, and recovering your data.

Check out our webinar, “Ransomware Readiness,” which covers strategies on how to protect your organization from Ransomware’s common entry points and tackle the challenges that defenders often face.

FAQ

What US Agency Is Responsible For Cyber Threats?

The Cybersecurity and Infrastructure Security Agency (CISA) is the main U.S. agency responsible for handling cyber threats. They work to protect the nation’s critical infrastructure and help organizations improve their Cybersecurity.

What Is The Most Concerning Cybersecurity Threat To Organizations Today?

Today, organizations face several big Cybersecurity threats, including social engineering, phishing, Ransomware, AI-enabled attacks, and even insider threats. It’s not just one issue but a mix of threats that can impact businesses. Cybercrime is expected to cost companies worldwide around $10.5 trillion annually by 2025 so it’s critical to address all these threats to keep your organization safe.

How Can Organizations Can Stop Ransomware? 

To stop Ransomware, organizations should be aware of these attacks in the first place. They must keep systems updated, use strong security measures, and educate staff. 2Secure can help by running Ransomware attack simulations and penetration testing to find and close vulnerabilities in your security before attackers can exploit them.

Source:

  1. Cyberattack on Change Healthcare  | HHS. (2024, March 13). Department of Health and Human Services. https://www.hhs.gov/sites/default/files/cyberattack-change-healthcare.pdf
  2. #StopRansomware: RansomHub Ransomware | CISA. (2024, August 29). Cybersecurity and Infrastructure Security Agency CISA. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
Share this article with a friend

Related Posts

5 Common Causes Of WordPress Site Crashes & How To Prevent It

5 Common Causes Of WordPress Site Crashes & How To Prevent It

If you’re a small business owner, you probably have a website powered by WordPress, which is used by 43.5% of…
What to Do If Your Mobile Phone Is Hacked

What to Do If Your Mobile Phone Is Hacked

What to Do If Your Mobile Phone Is Hacked As we become more digitally connected, a mobile phone is now…
What Is DIY Malware

What Is DIY Malware

Malware-based threats surged by 30% in the first half of 2024 compared to the same period in 2023, according to…

Create an account to access this functionality.
Discover the advantages