The RansomHouse group (RaaS) emerged in late 2021 and has been active in deploying ransomware variants to exploit corporate networks. The group extorts its victims twice, first by encrypting their files and demanding a ransom, and second by naming and shaming non-paying victims on their blog, along with which they publish the stolen data from the victim. The group tries to differentiate itself from typical ransomware operators by cultivating an image of a “professional mediator community”. This group is identified for using a unique ransomware variant, dubbed Mario ESXi, along with MrAgent, to target both Windows and Linux-based systems. The ransomware shares code with Babuk.

Click here for details.