The RansomHouse ransomware group has taken credit for the recent attack on the cybersecurity firm Trellix, with the group naming Trellix on its leak website.
The Trellix hack came to light when the company announced on its website that part of its source code repository had been breached. According to Trellix, no evidence has been found that its source code release or distribution process was affected, or that its source code has been exploited.
RansomHouse Claims and Actions
RansomHouse has published several screenshots that appear to show it had access to internal services and management dashboards, but the group has not specified how much data it stole from the cybersecurity company.
RansomHouse is an extortion group that emerged in 2022, primarily operating as a ransomware-as-a-service (RaaS) provider that targets large enterprises. The group has been known to encrypt victims’ files and steal valuable data to increase its chances of receiving a ransom payment.
Potential Connection to Other Attacks
The timing of the attack suggested a potential connection to the recent supply chain attack linked to the hacker groups TeamPCP and Lapsus$. This campaign has impacted several cybersecurity firms, including Checkmarx, Aqua Security, and Bitwarden.
Trellix told SecurityWeek that it’s aware of the claims and is looking into the matter. RansomHouse’s Tor-based leak website currently lists more than 170 victims.
Background on RansomHouse
RansomHouse is a relatively new player in the ransomware landscape, but the group has quickly made a name for itself by targeting large enterprises and demanding significant ransom payments.
The group’s tactics, techniques, and procedures (TTPs) are still being studied by security researchers, but it’s clear that RansomHouse is a formidable opponent that will stop at nothing to achieve its goals.
Implications and Next Steps
The attack on Trellix is a reminder that even the most secure organizations can fall victim to ransomware attacks. As the investigation into the breach continues, it’s likely that more information will come to light about the attack and the group responsible.
In the meantime, organizations would do well to review their security posture and ensure that they have the necessary controls in place to prevent similar attacks. This includes implementing robust backup and recovery procedures, as well as ensuring that all software and systems are up to date with the latest security patches.
By taking a proactive approach to security, organizations can reduce the risk of falling victim to ransomware attacks and minimize the impact of a breach if one were to occur.
- RansomHouse ransomware group claims responsibility for Trellix hack
- Trellix announces source code repository breach, but finds no evidence of exploitation
- RansomHouse publishes screenshots of internal services and management dashboards
- Potential connection to supply chain attack linked to TeamPCP and Lapsus$
- RansomHouse has listed over 170 victims on its Tor-based leak website
As the cybersecurity landscape continues to evolve, it’s likely that we’ll see more attacks like this in the future. By staying informed and taking a proactive approach to security, organizations can reduce the risk of falling victim to these types of attacks.
Source: SecurityWeek