{"id":164195,"date":"2024-06-06T07:54:35","date_gmt":"2024-06-06T07:54:35","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=164195"},"modified":"2024-06-06T07:54:37","modified_gmt":"2024-06-06T07:54:37","slug":"ransomhub-raas-linked-knight-ransomware","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/164195\/malware\/ransomhub-raas-linked-knight-ransomware.html","title":{"rendered":"RansomHub operation is a rebranded version of the Knight RaaS"},"content":{"rendered":"

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version of the Knight ransomware operation.

Cybersecurity experts who analyzed the recently emerged ransomware operation RansomHub speculate that it is a rebranded version of Knight ransomware.

Knight, also known as Cyclops 2.0, appeared in the threat landscape in May 2023. The malware targets multiple platforms, including Windows, Linux, macOS, ESXi, and Android. The operators used a double extortion model for their RaaS operation.

The Knight ransomware-as-a-service operation shut down in February 2024, and the malware’s source code was likely sold to the threat actor who relaunched the RansomHub operation. RansomHub claimed responsibility for attacks against multiple organizations, including Change Healthcare, Christie’s, and Frontier Communications.

Researchers at Symantec, part of Broadcom, discovered multiple similarities between the RansomHub and Knight ransomware families, suggesting a common origin: