Insights into RansomHub Unveiled through Latest Research

RansomHub, a relatively new Ransomware-as-a-Service (RaaS), has quickly become one of the most prolific ransomware groups currently active. New research suggests that RansomHub may actually be a rebranded version of an older ransomware known as Knight.

The research highlights several similarities between RansomHub and Knight, including:

  • Both use payloads written in Go, with similar ransom notes left behind.
  • Most variants are obfuscated with Gobfuscate, and both use a unique obfuscation technique for encoding important strings.
  • There is significant code overlap between the two, making it difficult to differentiate them.
  • The help menus on the command line are almost identical, with just one small difference: a sleep command added by RansomHub.

However, the research also identifies a difference between RansomHub and Knight in the commands run through cmd.exe. Despite this difference, the manner in which the commands are called remains the same.

Based on the research findings, it is unlikely that RansomHub is operated by Knight’s creators. Instead, the research suggests that the source code of Knight was likely purchased and updated for use with RansomHub.

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC