New data-extortion cybercrime operation RansomHouse has claimed to leveraged vulnerabilities to infiltrate targets' networks and later blame attacks on improperly secured networks and "ridiculously small" security flaw disclosure rewards, reports BleepingComputer.
The Saskatchewan Liquor and Gaming Authority is believed to be the first victim of RansomHouse, which is thought to have launched in December, which then proceeded to attack a German airline support service provider and two other victims, all of which have already been listed on RansomHouse's extortion site. White Rabbit ransom notes were found to be the first to mention RansomHouse but the operation stressed that they only partnered with the ransomware group.
Meanwhile, a Cyberint report revealed RansomHouse promotions on the Lapsus$ operation's Telegram channel. RansomHouse actors have been claiming to be "very liberal and pro-freedom" and refuse to partner with espionage groups and radical hacktivists, according to Cyberint, which concluded that the group has been deployed by dissatisfied red-team pentesters.
However, Emsisoft Threat Analyst Brett Callow noted that White Rabbit actors may also be behind RansomHouse.
"As for the origin, a representative of RansomHouse who had phoned the press to publicize the attacks spoke English with what sounded like an Eastern European accent," Callow added.