Custom Malware Discovered From RansomHub Gang Linked To Halliburton, Rite Aid Attacks
April 24, 2025

Symantec researchers have discovered a new custom backdoor, dubbed Betruger, linked to affiliates of the RansomHub ransomware-as-a-service operation.
Sergiu Gatlan reports in BleepingComputer that Betruger stands out as a rare, multifunctional tool likely designed to support ransomware deployment.
Unlike typical ransomware tactics that rely on widely used utilities or legitimate tools, Betruger consolidates several malicious capabilities into one payload, suggesting a shift toward more stealthy and efficient attack strategies.
RansomHub, active since February 2024, is the latest incarnation of earlier ransomware groups Cyclops and Knight. Unlike traditional ransomware gangs focused on encrypting data, RansomHub’s model centers on data theft and extortion.
The group has claimed responsibility for numerous high-profile breaches, including Halliburton, Frontier Communications, Rite Aid, and Planned Parenthood.
The RansomHub gang also notably released data from Change Healthcare after the BlackCat/ALPHV exit scam. These incidents signal a persistent and evolving threat from RansomHub and its affiliates, especially in critical sectors.
Betruger’s capabilities include keylogging, privilege escalation, credential dumping, network scanning, screenshotting, and file uploads to command-and-control servers.
This all-in-one approach minimizes the need for additional tools during an attack, reducing the attackers' risk of detection. The malware is disguised as mailing software, using file names like mailer.exe and turbomailer.exe.
While other ransomware groups have used custom tools for data theft, Betruger’s design reflects a more integrated and adaptable strategy for pre-ransomware operations, likely streamlining the workflow for affiliates.
Lawyers should treat this development as a warning about the increasing sophistication of ransomware groups. Managing sensitive client data requires endpoint detection, threat hunting, and employee awareness training.