RansomHouse has posted evidence of a new attack, this time against the China-based Ronglian Group Limited. According to the hackers, the attack allowed them to get in the possession of up to 100 GB of internal data.
While RansomHouse relies on typical spear-phishing emails to infect their targets, they don’t play the spray-and-pray strategy. Instead, the gang appears to have specialized in fishing for bigger fish.
RansomHouse has gained a reputation for itself as a whale hunter. The gang prioritizes high-value targets, usually with deep roots in their respective markets and matching revenues. Ronglian fits this category as well, being active in the public sphere since 2005.
Another peculiarity of RansomHouse, although not exclusive to them, is their tendency to paint themselves as the “good guys.” In other words, the gang poses as “cybersecurity experts” whose actual goal is to highlight lacking companies.
So, they will identify and breach those with weak defenses, exploiting their vulnerabilities and demanding fair payment for their “services.” The idea is that they’re doing the company a service by highlighting their weak spots.
This isn’t a new idea, as many other ransomware gangs do the same.
RansomHouse doesn’t rely on encryption, unlike most ransomware actors today. Instead, the hackers will infiltrate the system, steal the target data, and leave the ransom note behind. The victim is supposed to contact them using the information available.
If the negotiations are unsuccessful or the victim decides not to contact them, the attackers will leak the stolen data publicly. Naturally, this will come with a variety of unwanted consequences.
One of them is the fact that other cybercriminal gangs will get access to sensitive data. In turn, this will lead to other ransomware breaches, sometimes months or years later.
Another problem comes with the legal implications of a major data leak. This is linked to the fact that the company is responsible for the data in its possession. Which makes it legally liable in case of any informational leak that affects its employees or customers.
It’s understandable why some victims, especially high-profile corporations, prefer to pay the ransom to recover the data. And have the hackers delete it to prevent the public leak. Which also explains why RansomHouse prioritizes high-value targets.
That being said, not all victims choose to pay. Some prefer to not show any weakness and ignore the hackers. Which is the ideal tactic. If no one would pay any ransom ever, ransomware attacks would cease to occur. That is, in an ideal world.
At this moment, RansomHouse ranks as one of the most dangerous ransomware actors in the world. Not very active, but very proficient and professional.
We believe security online security matters and its our mission to make it a safer place.