Introduction
Ransomhouse is a sophisticated ransomware-as-a-service (RaaS) group that emerged in late 2021. The group employs double-extortion tactics: it first encrypts victim networks, then threatens to publish exfiltrated data if ransom demands are not met. Ransomhouse operates a Tor-based leak site to name and shame non-paying victims. The group tries to project a professional image, offering personalized Onion chat links for negotiation and advice on bolstering victims' security. Technically, Ransomhouse uses specialized tools such as Babuk ransomware and its variant Mario ransomware, and it uses MrAgent to automate ransomware deployment across large environments. The group has targeted entities worldwide, with a focus on Western industries such as technology and industrials. [1][2]
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Agent.btz:
- OnionDuke:
- CrossRat:
Attribution and Evidence
Information pending cataloguing.
References
[1] Sogeti Global, February 28, 2024.
[2] Trellix, RansomHouse, February 14, 2024.