Reposted from CISA/DHS
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) published a joint Cybersecurity Advisory (CSA), #StopRansomware: RansomHub Ransomware. RansomHub, formerly known as Cyclops and Knight, has established itself as an efficient and successful model. This advisory provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with RansomHub, identified through FBI investigations and third-party reporting as recently as August 2024.

A ransomware-as-a-service, RansomHub has encrypted systems and exfiltrated data from at least 210 victims representing all critical infrastructure sectors using a double-extortion model. Phishing emails, exploitation of known vulnerabilities, and password spraying are typical methods used by RansomHub affiliates to compromise internet-facing systems and user endpoints; password spraying targets accounts compromised through data breaches.

Recommended mitigations and actions to protect against RansomHub include installing updates for operating systems, software, and firmware as soon as they are released, requiring phishing-resistant multifactor authentication (MFA) for as many services as possible, and training users to recognize and report phishing attempts.

Organizations are encouraged to review the advisory, IOCs, and TTPs, and to implement the recommended mitigations to protect against ransomware threat actors. Organizations are also encouraged to visit stopransomware.gov, a whole-of-government approach with one central location for no-cost U.S. ransomware resources and alerts, to access an updated Joint #StopRansomware Guide.