RansomHouse attempts double extortion: Beyond the cryptographic update, RansomHouse leverages a double extortion model, which involves exfiltrating data and threatening public disclosure in addition to encrypting it, to add pressure on victims to pay. This layered pressure tactic, already a common feature of modern ransomware attacks, complicates incident response timelines and negotiating strategies for corporate security teams.

Unit 42’s disclosure also revealed that RansomHouse operates with a modular attack chain separating operators (tool developers and leak managers) from attackers/affiliates (those who gain access and deploy the ransomware). This model allows the RaaS to scale and adapt, even as individual affiliates rotate or rebrand.

The disclosure noted that detection strategies that rely solely on static signatures are increasingly insufficient against ransomware like RansomHouse that uses dynamic, chunked encryption with multi-phase execution. Investing in behavioral analytics, real-time monitoring, hardened segmentation, and regular backup validation remains essential. Unit 42 has published indicators of compromise (file hashes, file extensions, and ransom note artifacts) tied to the updated RansomHouse tooling, urging enterprises to proactively hunt for related activity across affected endpoints and virtualized environments.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4110472/think-you-can-beat-ransomware-ransomhouse-just-made-it-a-lot-harder.html

