RansomHub

Low Confidence • High Threat

Cyclops • Knight

RansomHub is a ransomware-as-a-service operation that emerged in early 2024, quickly becoming one of the most active ransomware groups. The operation attracts affiliates with favorable profit-sharing terms and has targeted organizations across healthcare, government, and critical infrastructure sectors. RansomHub employs double extortion tactics and maintains a leak site for publishing stolen data from non-paying victims.

Origin: Unknown
Sponsor: Cybercriminal (No State Sponsor)
Active: 2024 - Present
Victims: 100+ organizations
Advanced
Active
Financial Gain

Risk Assessment

Composite Risk Score: 75 (High Risk)
ARCS Compliance: 75
Escalation Risk: 78
Grievance Index: 65
Infrastructure Impact: 80

Targeting

Target Sectors

Healthcare • Government • Manufacturing • Technology

Target Regions

Global • United States

Attribution & Affiliations

Attributed to a cybercriminal operation with no state sponsor; origin unknown. Attribution confidence: Low.

Intelligence Assessment

Threat Level: High
Targeting: Moderately
Adaptability: Moderately
Persistence: High
Op Tempo: Continuous
Status: Active

Future Outlook

RansomHub is expected to continue operations targeting the healthcare sector.

Timeline of Key Events

2024 (Major): First observed activity of RansomHub
2024 (Moderate): Continued active operations