Only days after news sites reported that RansomHub was collaborating with EvilCorp in developing its attacks, RansomHub appeared to have been the victim of a takeover by another group. Or perhaps it was just a merger?
DragonForce recently posted an announcement on the RAMP cybercrime forum claiming that it had become partners with RansomHub. A similar message was posted on DragonForce’s darkweb leak site, as reported by DataBreaches.net:
Hi. Don’t worry RansomHub will be up soon, they just decided to move to our infrastructure! We are reliable partners.
A great example of how our new “projects” system works,
- RansomHub / Blog: http://ijbw7ii[redacted]
- RansomHub / Client: http://rnc6sc[redacted]onion
P.S. RansomHub hope you are doing well, consider our offer! We are waiting for everyone in our ranks.
The “consider our offer,” suggests that RansomHub going offline was not the result of any voluntary merger and was more likely to be a takeover.
As of today, the original RansomHub site has not reappeared, and a second site operated by Everest Team remains defaced since the weekend with a message, “Don’t do crime CRIME IS BAD xoxo from Prague🦄.” Whether Everest’s current status is connected to DragonForce activity is unknown at this time.
