• RansomHub Attacks: RansomHub targets healthcare and critical sectors with phishing-based ransomware as recently as August.
• Double Extortion Strategy: The group encrypts and steals data, threatening to leak it unless a ransom is paid.
• Mitigation Steps: Experts recommend updates, phishing-resistant MFA, training, and regular ransomware response exercises. 

Federal Agencies Issue Warning About Ransomware Group

A joint cybersecurity advisory warns that the ransomware group RansomHub is using phishing attacks to hack healthcare organizations and other critical infrastructure sectors. The advisory was issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

Since forming in February, the cybercriminal gang RansomHub has encrypted and exfiltrated data from at least 210 victims; FBI threat response activities and third-party reporting have identified attacks as recently as August.

The group is also reportedly behind the February Change Healthcare hacking incident, which is now being called the largest-ever cyberattack in healthcare. Read more about that incident on our blog.

Ransomware Group Uses Double Extortion

RansomHub is a ransomware-as-a-service variant, previously known as Cyclops and Knight, that has become a highly effective and successful model. It draws high-profile affiliates from other major variants like LockBit and ALPHV. These affiliates use a “double extortion” strategy, encrypting and stealing data. Victims typically have three to 90 days to pay the ransom before the stolen data is posted on the RansomHub Tor data leak site.

Actions to Mitigate Cyber Threats from Ransomware

1. Install updates for operating systems, software, and firmware as soon as they are released.
2. Require phishing-resistant MFA (i.e., non-SMS text based) for as many services as possible.
3. Train users to recognize and report phishing attempts. Ongoing training and awareness programs, such as PrivaPlan’s Managed Phishing program, can help organizations effectively discourage cyber threats.
4. Prioritize remediating known exploited vulnerabilities.

“The recommendations provided are indeed best practices, and PrivaPlan consistently emphasizes these to our customers,” stated Ron Bebus, PrivaPlan CIO, CISSP. “However, even with all the mitigation steps in place, it just takes one staff member a moment of inattention to allow ransomware to take hold.”

PrivaPlan advises conducting regular tabletop exercises to simulate ransomware infections within an organization’s systems. “Disaster and recovering planning exercises help IT staff, management, and managed service providers (MSPs) understand how to contain the spread and recover from such attacks,” Bebus added.