Skip to content

Hide Navigation Hide TOC

RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4)

RansomHub is a ransomware-as-a-service (RaaS) offering with Windows, ESXi, Linux, and FreeBSD versions that has been in use since at least 2024 to target organizations in multiple sectors globally. RansomHub operators may have purchased and rebranded resources from Knight (formerly Cyclops) Ransomware which shares infrastructure, feature, and code overlaps with RansomHub.[CISA RansomHub AUG 2024][Group-IB RansomHub FEB 2025]

Cluster A Galaxy A Cluster B Galaxy B Level
RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4) Tidal Software Scattered Spider (3d77fb6c-cfb4-5563-b0be-7aa1ad535337) Tidal Groups 1
RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4) Tidal Software RansomHub Ransomware Actors (94794e7b-8b54-4be8-885a-fd1009425ed5) Tidal Groups 1
RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4) Tidal Software CosmicBeetle (04b73cf2-33f4-4206-be9e-c80c4c9b54e8) Tidal Groups 1
RansomHub (8271849f-77f9-5a38-812e-7b6a348b01c4) Tidal Software Indrik Spider (3c7ad595-1940-40fc-b9ca-3e649c1e5d87) Tidal Groups 1