EncryptHub Ransomware

April 29, 2025

Deep Dive on the EncryptHub Ransomware

EncryptHub is a ransomware variant first detected in mid-2021. The strain poses a significant threat, and numerous organizations around the world have fallen victim to it. In December 2021, for instance, several South Korean companies reported EncryptHub intrusions that led to large-scale data encryption and business interruption (Korea Times). Beyond South Korea, EncryptHub infections have also been reported in several European countries and the United States (Australian Cyber Security Centre). As a trusted ransomware recovery and negotiation service provider, we offer Ransomware Recovery Services and Ransomware Negotiation Services to help contain the fallout of such attacks and recover from them.

Information on EncryptHub Ransomware

Category                       Details
Ransomware Name(s)             EncryptHub
First Detected/Reported        Mid-2021
Targeted Operating Systems     Windows
File Extensions Added          .encrypthub
Ransom Note Name(s)            HELP_YOUR_FILES.HTML
Known Communication Channels   Email addresses
Distribution Methods           Phishing emails, exploits, RDP attacks

Example Ransom Note

YOUR FILES ARE ENCRYPTED!
Hello! Your files are safe, but encrypted.
If you see this text, but do not see the "Decryptor" desktop app, check your antivirus quarantine.
Run Decryptor app to recover your files.
Please follow the below link to get Decrypt Files software:
[link]
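
The indicators in the table above (the .encrypthub extension, the HELP_YOUR_FILES.HTML note) and the note's opening line are enough for a first read-only triage sweep of a suspected host or file share. The script below is an added example written for this page, not code from the original article or from any vendor: it walks a directory tree, collects encrypted files and ransom notes, separates notes whose content carries the page's "YOUR FILES ARE ENCRYPTED!" marker from same-named files that do not, and reports the directories that need containment. The sample tree it builds is constructed for the demonstration and is an assumption about what a hit looks like; nothing in it is executed, and in particular the "Decryptor" app the note advertises is treated as an artifact to collect, never to run.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the table and ransom note on this page.
ENCRYPTED_EXT = ".encrypthub"
RANSOM_NOTE = "HELP_YOUR_FILES.HTML"
NOTE_MARKER = "YOUR FILES ARE ENCRYPTED!"


def scan_tree(root):
    """Walk `root` read-only and collect EncryptHub indicators.

    Returns a dict with:
      encrypted_files - paths ending in .encrypthub
      notes           - HELP_YOUR_FILES.HTML files whose text carries the marker
      suspect_notes   - HELP_YOUR_FILES.HTML files without the marker (name match only)
      first_seen      - earliest mtime among encrypted files (None if none found)
    Nothing is executed or modified; the note is treated purely as an artifact.
    """
    root = Path(root)
    result = {"encrypted_files": [], "notes": [], "suspect_notes": [], "first_seen": None}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_EXT):
                result["encrypted_files"].append(str(path))
                mtime = path.stat().st_mtime
                if result["first_seen"] is None or mtime < result["first_seen"]:
                    result["first_seen"] = mtime
            elif name.upper() == RANSOM_NOTE:
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    text = ""
                if NOTE_MARKER in text:
                    result["notes"].append(str(path))
                else:
                    result["suspect_notes"].append(str(path))
    return result


def affected_directories(result):
    """Directories holding at least one encrypted file, for scoping containment."""
    return sorted({str(Path(p).parent) for p in result["encrypted_files"]})


def build_sample_tree():
    """Construct a throwaway tree that mimics a hit. All contents are invented for the demo."""
    root = Path(tempfile.mkdtemp(prefix="encrypthub_demo_"))
    (root / "finance").mkdir()
    (root / "finance" / "q3.xlsx.encrypthub").write_bytes(os.urandom(64))
    (root / "finance" / "budget.docx.encrypthub").write_bytes(os.urandom(64))
    (root / "finance" / RANSOM_NOTE).write_text(
        "<html><body><h1>YOUR FILES ARE ENCRYPTED!</h1>"
        "<p>Hello! Your files are safe, but encrypted.</p></body></html>"
    )
    (root / "hr").mkdir()
    (root / "hr" / "handbook.pdf").write_bytes(b"%PDF-1.4 clean file")
    # Same-named file without the marker: worth a look, but not a confirmed hit.
    (root / "hr" / RANSOM_NOTE).write_text("<html>unrelated</html>")
    return root


def demo():
    """Build the constructed sample tree and scan it."""
    return scan_tree(build_sample_tree())


if __name__ == "__main__":
    res = demo()
    print(f"encrypted files: {len(res['encrypted_files'])}")
    print(f"confirmed notes: {res['notes']}")
    print(f"name-only notes: {res['suspect_notes']}")
    print(f"affected dirs:   {affected_directories(res)}")
```

Run it against a mounted forensic image or a read-only share rather than the live host, and use the earliest mtime only as a rough lower bound for when encryption began; the extension and note name are the only file-level indicators the page provides, so a clean scan does not rule out an intrusion that has not yet reached the encryption stage.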

Additional Information

  • The exact origin of EncryptHub ransomware is unknown, although some security researchers believe it could be linked to the DoppelPaymer gang.
  • EncryptHub has been continuously developed since its first detection in mid-2021. The threat actors are known to launch highly targeted attacks using spear-phishing emails and RDP exploits.
  • EncryptHub does not appear to operate on the Ransomware-as-a-Service (RaaS) model and is likely used by a single group.
  • No public decryption tool is available for EncryptHub so far.
  • EncryptHub uses strong encryption; without the attackers' decryption key, the encrypted data cannot be recovered.