“Despite its name, the RansomHouse group doesn’t quite fit under the label of a ransomware group in the traditional sense. While the group does demand a ransom as part of their operations, it would appear that they don’t distribute malicious software into victim organizations. They are considered to be a pure-play extortion group, which we’ve begun to see a renaissance of in recent months.
“RansomHouse itself has claimed that they are neither behind breaches nor do they develop or utilize any ransomware as part of their efforts. But it’s hard to trust the word of the group, who may be trying to shield themselves from being lumped into a category of ransomware and becoming a bigger target through law enforcement operations.
“Even with the success of double extortion, whereby ransomware groups encrypt files within a network and steal files and threaten to leak them on the dark web, the extortion factor appears to have become the central point amongst extortion groups like RansomHouse and Lapsus$.
“As the Conti ransomware group began to fold up its operations, part of its grand plans included splintering into several ransomware groups, including those that are extortion-focused like BlackByte and Karakurt.
“As we highlight in our recent Ransomware Ecosystem report, ransomware groups have evolved over the years, adopting a business-like approach to their efforts and forging business partnerships with other players in the ecosystem, like affiliates and initial access brokers. It remains to be seen if this trend towards an extortion-only focus will become part of its natural evolution.” — Satnam Narang, Sr. Staff Research Engineer at Tenable