Hide Navigation Hide TOC

RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4)

RansomHub is a ransomware-as-a-service (RaaS) offering with Windows, ESXi, Linux, and FreeBSD versions that has been in use since at least 2024 to target organizations in multiple sectors globally. RansomHub operators may have purchased and rebranded resources from Knight (formerly Cyclops) Ransomware which shares infrastructure, feature, and code overlaps with RansomHub.^{[CISA RansomHub AUG 2024][Group-IB RansomHub FEB 2025]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Scattered Spider (3d77fb6c-cfb4-5563-b0be-7aa1ad535337)	Tidal Groups	RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4)	Tidal Software	1
Indrik Spider (3c7ad595-1940-40fc-b9ca-3e649c1e5d87)	Tidal Groups	RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4)	Tidal Software	1
CosmicBeetle (04b73cf2-33f4-4206-be9e-c80c4c9b54e8)	Tidal Groups	RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4)	Tidal Software	1
RansomHub Ransomware Actors (94794e7b-8b54-4be8-885a-fd1009425ed5)	Tidal Groups	RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4)	Tidal Software	1