The Department of Health and Human Services (HHS), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint advisory to provide information about the RansomHub ransomware. This ransomware, a variant of ransomware-as-a-service previously known as Cyclops and Knight, has been identified through recent FBI threat responses and third-party reports as of August 2024. RansomHub has become a notable ransomware service, attracting affiliates from other prominent groups such as LockBit and ALPHV. Since its launch in February 2024, it has targeted over 210 victims across critical sectors including water, information technology, government services, healthcare, emergency services, and more. The ransomware uses a double-extortion model, encrypting and exfiltrating data to extort payments, with ransom notes directing victims to contact the attackers via a Tor-based .onion URL. Victims are typically given between three and 90 days to pay before their data is published on the RansomHub leak site. The advisory includes contact information for reporting suspicious activities and urges network defenders to implement recommended mitigation strategies to reduce the risk and impact of such ransomware incidents. For more details, you can find the full advisory at #StopRansomware: RansomHub Ransomware.