RansomHub is a ransomware-as-a-service (RaaS) platform that has emerged as a significant threat since February 2024, rapidly attracting affiliates from other prominent ransomware groups. The ransomware service is sold to cybercriminal affiliates who leverage RansomHub’s capabilities for double extortion and efficient large-scale attacks against critical infrastructure sectors, small to medium-sized businesses (SMBs), and high-value organizations worldwide. RansomHub is suspected to be a rebranding of Knight ransomware.

Prior to launching ransomware, threat actors often take multiple steps to gain initial access, move laterally, acquire credentials, and steal data. For a holistic guide on securing your organization from motivated ransomware attackers, refer to our ransomware as a service blog.