Inactive ransomware operator
← All groupsRansomHub
aka RANSOM HUB · 1,032 victims indexed · first seen 2 years ago · last activity 1 year ago
At a glance
- Status
- inactive
- Aliases
- RANSOM HUB
- First seen
- 2 years ago
- Last activity
- 1 year ago
- Onion sites
- 4 known endpoints
- Primary sector
- Business Services · 203 hits
About
References
1 linkExternal sources curated by the MISP threat-intel community.
Timeline
14 monthsTop countries
Top sectors
MITRE ATT&CK
7 techniques · 6 tacticsTactics
Indicators of compromise
CVEs exploited
Known tools
Detection · YARA rules
1 ruleRansomHub_Ransomware
Detects RansomHub ransomware
source: CISA AA24-242A
Recent victims
Loading…
Onion infrastructure
4 known- http://fpwwt67hm3mkt6hdavkfyqi42oo3vkaggvjj4kxdr2ivsbzyka5yr2qd.onion
- http://ransomgxjnwmu5ceqwo2jrjssxpoicolmgismfpnslaixg3pgpe5qcad.onion
- http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion
- http://ijbw7iiyodqzpg6ooewbgn6mv2pinoer3k5pzdecoejsw5nyoe73zvad.onion/blog
Source
Updated 1 year agoData on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.
Get alerted the next time RansomHub posts a victim.
Add RansomHub to your watchlist — Pro pings you within 5 minutes of any new RansomHub leak-site post, Telegram callout, or affiliate-rebrand inference.

