What is RansomHouse?

RansomHouse is a cybercrime operation that follows a Ransomware-as-a-Service (RaaS) business model, where affiliates (who do not require technical skills of their own) use the ransomware operator’s infrastructure to extort money from victims. 

So they are a bog-standard ransomware gang?

Not quite. Many ransomware operations encrypt and steal your data, demanding a ransom for a decryption key and a promise not to sell or publish the exfiltrated data on the dark web. 

RansomHouse, however, appears to often skip the step of encrypting victims’ data entirely – preferring to just steal the data instead, making threats to release it if a cryptocurrency ransom is not paid. 

Great news! So my company can carry on as normal if it’s hit?

Well, yes, your day-to-day operations may not be impacted if a ransomware group has not locked up your data. 

But RansomHouse will still claim to have stolen your data, and that is something that you, and certainly your customers and business partners, should be worried about. 

If they don’t encrypt your data, how can you be sure they really stole it?

Well, maybe you’ll feel a little less skeptical about RansomHouse’s threats when they post details of the hack on their dark web leak site. 

In the example above, RansomHouse has linked to “evidence packs” and even a “full data dump” belonging to one of their victims, meaning that anyone can download the stolen data – without even requiring a password. 

A message from the gang reads: “Dear management of Cell C. We are sure that you are not interested in your confidential data to be leaked or sold to a third party. We highly advise you to contact us.” 

Ouch. So when did RansomHouse first appear, and are they associated with other ransomware gangs?

RansomHouse has been operating since late 2021 and has been linked to, or reused tools connected with, gangs like White Rabbit and Mario ESXi. 

Who does RansomHouse target?

RansomHouse has made a name for itself by attacking organisations in education, government, manufacturing, and healthcare, including the likes of AMD, the University of Paris-Saclay, Bulgaria’s Supreme Administrative Court, and South African telecoms operator Cell C.

And do these organisations pay up?

As ever with ransomware attacks, some victims give in to the extortion and others do not. 

In the case of the Parisian university, it confirmed that it would not be paying any ransom “in accordance with its principles and government directives.” 

Did RansomHouse respond to non-payment by releasing the stolen data?

Yes, I’m afraid so. One terabyte of data, including personal documents, was published by the gang on its leak site on the dark web. 

So how can my company protect itself from RansomHouse?

The best advice is to follow the recommendations on how to protect your organisation from other ransomware, bearing in mind that offsite backups help you recover from encryption but do nothing to retrieve data that has already been stolen; against a group that skips encryption altogether, the priority is stopping the data from leaving your network in the first place. Those recommendations include: 

  • Making secure offsite backups.
  • Running up-to-date security solutions and ensuring that your computers and network devices are properly configured and protected with the latest security patches against vulnerabilities.
  • Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
  • Encrypting sensitive data wherever possible.
  • Reducing the attack surface by disabling functionality that your company does not need.
  • Educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data – such as raising awareness of phishing attacks.
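Because RansomHouse's leverage comes from exfiltrated data rather than encrypted files, the signal defenders most want is a host suddenly pushing far more data out than it normally does, or sending it somewhere it never has before. The following is an added illustration, not code from the article or from any product: a small egress-volume check over constructed flow-log lines (the hostnames, addresses, byte counts and thresholds are all invented for the example).

```python
"""Added example: flag hosts whose outbound volume is anomalous for them.

All flow records and thresholds below are constructed for illustration;
they are not data from the article.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed hourly flow summaries: timestamp, source host, destination, bytes out.
# ws-finance-07 normally sends ~100 KB/hour, then pushes 48 GB to a new address
# at 2am. fs-backup-01 always sends ~500 MB/hour to the same backup target.
SAMPLE_FLOWS = """\
2024-03-01T09:00:00 ws-finance-07 203.0.113.10 120000
2024-03-01T10:00:00 ws-finance-07 203.0.113.10 95000
2024-03-01T11:00:00 ws-finance-07 203.0.113.10 110000
2024-03-01T12:00:00 ws-finance-07 203.0.113.10 100000
2024-03-02T02:00:00 ws-finance-07 198.51.100.77 48000000000
2024-03-01T09:00:00 fs-backup-01 203.0.113.20 500000000
2024-03-01T10:00:00 fs-backup-01 203.0.113.20 520000000
2024-03-01T11:00:00 fs-backup-01 203.0.113.20 510000000
2024-03-02T02:00:00 fs-backup-01 203.0.113.20 530000000
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, nbytes = line.split()
        flows.append({"ts": datetime.fromisoformat(ts), "host": host,
                      "dst": dst, "bytes": int(nbytes)})
    return flows


def find_exfil_candidates(flows, factor=10, min_bytes=1_000_000_000, min_history=3):
    """Return records whose outbound volume is anomalous for their host.

    A record is flagged only when it exceeds the absolute floor `min_bytes`
    AND at least one of:
      - "volume": it is more than `factor` times the host's own median hourly
        volume seen so far (needs at least `min_history` earlier records);
      - "new-destination": the host has never been seen sending to this
        destination before.
    The absolute floor stops a host that is always busy (a backup server)
    from being flagged on ordinary variation. Records are processed in time
    order so each one is judged only against the host's earlier history.
    """
    history = defaultdict(list)     # host -> list of earlier hourly byte counts
    seen_dst = defaultdict(set)     # host -> destinations seen so far
    hits = []
    for rec in sorted(flows, key=lambda r: r["ts"]):
        host = rec["host"]
        reasons = []
        if rec["bytes"] >= min_bytes:
            past = history[host]
            if len(past) >= min_history and rec["bytes"] > factor * median(past):
                reasons.append("volume")
            if rec["dst"] not in seen_dst[host]:
                reasons.append("new-destination")
        if reasons:
            hits.append({**rec, "reasons": reasons})
        history[host].append(rec["bytes"])
        seen_dst[host].add(rec["dst"])
    return hits


if __name__ == "__main__":
    for hit in find_exfil_candidates(parse_flows(SAMPLE_FLOWS)):
        print(f"{hit['ts'].isoformat()} {hit['host']} -> {hit['dst']} "
              f"{hit['bytes']:,} bytes ({', '.join(hit['reasons'])})")
```

On the sample data only the finance workstation is reported; the backup server's steady half-gigabyte transfers stay below both the absolute floor and the relative threshold. The check has an obvious cold-start weakness: a host's very first large transfer is always a "new destination", so in practice the baseline is seeded from a week or more of history before alerts are acted on, and the thresholds are tuned per host class rather than fixed as here.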