Data Extortion Market RansomHouse Sets Camp on The Darknet


A new data extortion operation, where cybercriminals can post evidence of successful ransomware attacks and sell stolen data, has appeared on the darknet.

Members of the operation claim they’re not actually using ransomware and focus solely on stealing victims’ data by leveraging unpatched flaws to breach vulnerable networks.

They refuse to take responsibility for their actions and blame companies for failing to secure their networks properly and for offering “ridiculously small” bug bounty rewards for vulnerability disclosures.

“We believe that the culprits are not the ones who found the vulnerability or carried out the hack, but those who did not take proper care of security,” RansomHouse wrote on their website’s About Us page. “The culprits are those who did not put a lock on the door leaving it wide open inviting everyone in.”

Experts believe that the RansomHouse operation was launched in December 2021 and its first victim was the Saskatchewan Liquor and Gaming Authority (SLGA). The darknet website, on the other hand, only launched this month.

Not long after inaugurating the website, the cybercrime group publicly named three other victims, with the last one identified as a “German airline support service provider, attacked last week,” as BleepingComputer reports.

RansomHouse uses a rather interesting technique to gain attention and persuade their victims to pay the ransom. The group posts URLs to media posts for actively extorted targets; this technique puts additional pressure on victims to pay the ransom.

Failure to comply leads to the sale of victims’ data to other threat actors. If the data isn’t bought, the perpetrators make it publicly available on their website.

Cybersecurity experts verified the accuracy of the group’s claims and agreed that RansomHouse doesn’t rely on actual ransomware. Instead, the cybercrime operation only deals with stealing data and selling it to other threat actors. Furthermore, researchers said the gang doesn’t encrypt any stolen data, so the only threat they pose is based on selling or exposing it.