Cointegrity

RansomHub

RansomHub was the dominant ransomware operation in early 2025, operating as a Ransomware-as-a-Service platform that attracted a large affiliate base through aggressive revenue-sharing terms — offering affiliates 90% of ransom proceeds versus the 70–80% typical of competitors. The group executed high-profile breaches across healthcare, critical infrastructure, and financial services, including a breach of Planned Parenthood of Montana affecting 57,000 people.

RansomHub abruptly shut down operations in April 2025, one of the most sudden closures of a major RaaS operation on record. However, its disappearance did not reduce the threat: its extensive affiliate network rapidly migrated to competing platforms including Qilin, Akira, and DragonForce, immediately boosting their victim counts. Former RansomHub affiliates were subsequently observed forming new collectives focused on pure Extortion-as-a-Service, stripping away the ransomware-encryption component entirely and focusing solely on data theft and exposure threats. RansomHub's sudden closure is consistent with either a law-enforcement action, an exit scam by the platform operators, or a strategic reorganisation into a harder-to-attribute structure.

Example: Following RansomHub's April 2025 shutdown, incident-response firms reported a sharp spike in Qilin and Akira intrusions within 30 days. These intrusions showed the same technical fingerprints and negotiation styles as prior RansomHub affiliates, confirming that affiliate migration rather than retirement was the dominant post-shutdown pattern.

Why it matters for compliance: RansomHub's lifecycle — rapid dominance, abrupt closure, affiliate dispersal — illustrates that the RaaS ecosystem is highly resilient and does not depend on any single platform. Compliance programmes that track specific named ransomware groups rather than affiliate tactics and technical indicators will consistently lag the actual threat.

Category: compliance, regulatory frameworks
