CISA and Partners Release Advisory on RansomHub Ransomware

CISA and Partners Release Advisory on RansomHub Ransomware

This Security Alert is from: CISA

CISA works with partners to defend against today’s threats and collaborate to build a more secure and resilient infrastructure for the future. CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. We are designed for collaboration and partnership. Learn about our layered mission to reduce risk to the nation’s cyber and physical infrastructure.

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS)—released a joint Cybersecurity Advisory, #StopRansomware: RansomHub Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with RansomHub activity identified through FBI investigations and third-party reporting as recently as August 2024.

RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—which has recently attracted high-profile affiliates from other prominent variants such as LockBit and ALPHV.

CISA encourages network defenders to review this advisory and apply the recommended mitigations. See #StopRansomware and the #StopRansomware Guide for additional guidance on ransomware protection, detection, and response. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including added recommended baseline protections.

CISA encourages software manufacturers to take ownership of improving the security outcomes of their customers by applying secure by design methods. For more information on Secure by Design, see CISA’s Secure by Design webpage and joint guide Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.

 

This alert has come from: https://www.cisa.gov/news-events/alerts/2024/08/29/cisa-and-partners-release-advisory-ransomhub-ransomware