Trinetra
Cyber Defense
Ransomware · Threat Group Dossier · Historical activity tracked

RansomHub

RansomHub is a ransomware operation with 844 publicly named victims. Its tradecraft includes Rust/Go encryptors, AV disablement via vulnerable drivers (EDRKillShifter), and SOCKS tunneling.

Named victims: 844
In 2026: 0
Countries hit: 73
Last disclosure: 31 Mar 2025

Dossier

Active since: February 2024
Origin / attribution: Suspected rebrand of Knight/Cyclops
Known aliases: RansomHub RaaS
Common initial access: Public VPN/SSL-VPN exploits, purchased access, spear-phishing
TTPs & tradecraft: Rust/Go encryptors, AV disablement via vulnerable drivers (EDRKillShifter), SOCKS tunneling.
Notes: Picked up many ex-ALPHV/BlackCat affiliates after their 2024 exit scam.

Top countries hit

United States: 321
Brazil: 35
Canada: 34
United Kingdom: 32
Italy: 27
Germany: 23
Australia: 19
Spain: 19

Top sectors targeted

Business Services: 187
Technology: 126
Manufacturing: 107
Healthcare: 80
Not Found: 76
Government: 44
Agriculture and Food Production: 39
Transportation/Logistics: 39

Recent named victims

intellioan.com · US · Not Found · 31 Mar 2025
jackpotjunction.com · US · Hospitality and Tourism · 31 Mar 2025
europtec.com · DE · Technology · 31 Mar 2025
delta-life.com · DE · Not Found · 31 Mar 2025
www.assisi.nl · NL · Healthcare · 29 Mar 2025
phaus.us&phakr.com&phabodysystems.com · US · Not Found · 28 Mar 2025
www.bassi.it · IT · Technology · 28 Mar 2025
www.allmilmoe.com · DE · Manufacturing · 28 Mar 2025
brattenelectrictn.com · Manufacturing · 27 Mar 2025
www.hongthongrice.com · TH · Agriculture and Food Production · 26 Mar 2025
www.fkm-elemente.de · DE · Manufacturing · 26 Mar 2025
conterra.com · DE · Technology · 26 Mar 2025
www.DSelectrical.com · Construction · 26 Mar 2025
www.carolinaac.com · US · Consumer Services · 25 Mar 2025
www.garbinc.com · US · Manufacturing · 25 Mar 2025

Sourced from open leak-site monitoring · Generated 20 Apr 2026