Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

RansomHub went dark April 1; affiliates fled to Qilin, DragonForce claimed control

(Image by Pexels from Pixabay)

By Ravie Lakshmanan

Cybersecurity researchers have revealed that RansomHub‘s online infrastructure has “inexplicably” gone offline as of April 1, 2025, prompting concerns among affiliates of the ransomware-as-a-service (RaaS) operation.

Singaporean cybersecurity company Group-IB said that this may have caused affiliates to migrate to Qilin, given that “disclosures on its DLS [data leak site] have doubled since February.”

RansomHub, which first emerged in February 2024, is estimated to have stolen data from over 200 victims. It replaced two high-profile RaaS groups, LockBit and BlackCat, to become a frontrunner, courting their affiliates, including Scattered Spider and Evil Corp, with lucrative payment splits.

Read more at The Hacker News

Click to listen highlighted text!