Analyst1 has published a report on RansomHouse: RansomHouse: Stolen Data Market, Influence Operations & Other Tricks Up the Sleeve.
The Executive Summary of the report by Anastasia Sentsova begins:
- This research aims to identify connections between RansomHouse, and other groups based on the investigation of multiple crossclaims of victims. Emerging after the Babuk source code leak in late 2021, RansomHouse has been linked to multiple groups, including White Rabbit, Mario ESXi, RagnarLocker, and Dark Angels (Dunghill Leak).
- Investigation of the RansomHouse data leak site (DLS) also revealed multiple crossclaims with other groups, indicating potential cooperation. According to the analysis of RansomHouse’s dataset (May 9, 2022, to February 28, 2024) of entities
posted on its DLS, 11 out of 73 claimed victims were crossclaimed by other groups.- Further investigation revealed potential associations of RansomHouse with Alphv/BlackCat, LockBit 3.0, BianLian, and RagnarLocker. Through our findings and corroborated by open-source reporting from other researchers, including the identification of shared emails and a consistent timeline of crossclaims, there is evidence suggesting potential collaboration among these syndicates.
- Snatch and Stormous, singled out in a separate case, were identified as closely cooperating with RansomHouse and/or Dark Angels, engaging in hybrid ransomware/hacktivist activities that blend ransomware with influence operations under the guise of hacktivism.
Read the whole report on Analyst1 or download their pdf version.
h/t, Risky Biz News