RansomHouse, a ransomware-as-a-service (RaaS) by Jolly Scorpius, has upgraded its encryption methods from simple to complex strategies, affecting at least 123 victims across critical sectors. The operation employs a double extortion tactic, combining data theft with ransom demands. Its attack chain involves four key phases: Develop, Infiltrate, Exfiltrate & Deploy, and Extort. Tools used include MrAgent, for managing systems, and Mario, the encryptor, which targets VMware environments. The upgraded Mario encryption method is significantly more sophisticated, enhancing operational disruption for victims.
https://unit42.paloaltonetworks.com/ransomhouse-encryption-upgrade/

