Arete
Analysis of RansomHub Ransomware Operations
Pages: 19
Time to read: 24 mins
Publication:
Language: English
This technical report provides an in-depth analysis of the RansomHub ransomware group, which emerged as a significant threat in 2024. The report details the group's activities, including its rapid rise in prominence and the sectors it has targeted, such as healthcare, financial services, and public services. It outlines the operational tactics of RansomHub, including its use of a double extortion model that involves both data exfiltration and encryption. The report also presents statistical data from Incident Response engagements, highlighting the median ransom demands and payments. Additionally, it includes a technical analysis of the ransomware's execution patterns, command line arguments, and the encryption methods employed. The report concludes with security recommendations aimed at mitigating risks associated with RansomHub's evolving tactics, emphasizing the need for enhanced defenses against this cyber threat.