RansomHouse group establishes new data leak site for breach victims

May 30, 2022

A new darknet leak site run by a group dubbed RansomHouse has recently emerged on the cybercrime scene. The site’s operators use it to leak large volumes of data stolen from breach victims who did not meet the threat actors’ payment demands.

Moreover, the new campaign is said not to operate through ransomware; instead, it breaches vulnerable systems to steal the victims’ data.

The RansomHouse group also tends not to take responsibility for its malicious intentions. Rather, the group blames organisations and companies that fail to implement strong security on their networks, allowing cybercriminals to exploit critical vulnerabilities easily.

The RansomHouse group stressed that those firms that did not take proper security measures are to blame for being victimised by cybercriminals.

According to researchers, the threat group began its extortion operations last December, with the Saskatchewan Liquor and Gaming Authority (SLGA) being its first victim. However, the gang only launched its leak site this month, and three more victims have since been added to it, including an airline support service provider from Germany.

The stolen data is sold to other interested threat actors, while unsold data is posted to a Tor site.

Researchers analysing the RansomHouse group’s origin found that the group was first mentioned in the ransom notes of the White Rabbit gang. Furthermore, they discovered that the group was promoted on the Telegram channel of the notorious Lapsus$ group.

Nonetheless, experts have yet to uncover the group’s main starting point. The RansomHouse group has introduced itself as a subgroup of other cybercriminal gangs and has yet to emerge as an independent malicious organisation.

Separate researchers who conducted further analysis of the extortion group stated that its core members seem to behave professionally in their interactions, such as showing polite manners in conversations and avoiding irrelevant discussions. The group seemed to be liberal, too, stating that it does not mix its business with politics. It also claims never to be affiliated with state-backed cyberespionage groups.

These findings led analysts to presume that the RansomHouse group is a project of disgruntled individual pentesters dismayed by the poor cybersecurity protocols implemented by most organisations.
