RansomHouse is a double-extortion RaaS operation active since late 2021, attributed to the threat actor "Jolly Scorpius," targeting over 120 organizations across healthcare, finance, transportation, and government, recently upgrading to a multi-layered dual-key encryption architecture.
This group has no curated TTPs.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
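As an added triage example (not code from ransomware.live or the rule's author), the Python below re-implements the condition of the YARA rule that follows and sweeps a directory for the two host artifacts its strings name, the `.emario` extension and the dropped note; the function names and the sample files are this example's own, and the tree it scans is constructed, not real malware.

```python
import tempfile
from pathlib import Path

# Strings copied from the YARA rule on this page; YARA text strings are
# matched as ASCII bytes, case-sensitively, so bytes are compared here too.
RULE_STRINGS = [
    b".emario",
    b"How To Restore Your Files.txt",
    b"/path/to/be/encrypted",
    b"Crypted:",
]
MAX_SIZE = 100 * 1024  # "filesize < 100KB" (YARA's KB is 1024 bytes)
NOTE_NAME = "How To Restore Your Files.txt"  # note dropped by the locker
ENC_EXT = ".emario"  # extension appended to encrypted files


def matches_rule(data: bytes) -> bool:
    """Plain-Python equivalent of: filesize < 100KB and all of ($str*)."""
    return len(data) < MAX_SIZE and all(s in data for s in RULE_STRINGS)


def sweep(root: str) -> dict:
    """Walk root and report three host artifacts: rule hits (a candidate
    locker binary), files carrying the .emario extension, and ransom notes."""
    hits = {"rule": [], "encrypted": [], "note": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.name == NOTE_NAME:
            hits["note"].append(path.name)
        if path.suffix == ENC_EXT:
            hits["encrypted"].append(path.name)
        # Skip reading anything the size bound already rules out.
        if path.stat().st_size < MAX_SIZE and matches_rule(path.read_bytes()):
            hits["rule"].append(path.name)
    return hits


def demo() -> dict:
    """Constructed sample tree (no real malware): one stand-in locker that
    carries all four strings, one decoy with only two, one encrypted
    document and one dropped note; returns the sweep result."""
    root = Path(tempfile.mkdtemp())
    (root / "mario.bin").write_bytes(b"\x7fELF" + b"\x00".join(RULE_STRINGS))
    (root / "decoy.bin").write_bytes(b"Crypted: 12 files .emario")
    (root / ("report.docx" + ENC_EXT)).write_bytes(b"\x00" * 64)
    (root / NOTE_NAME).write_text("Welcome to the RansomHouse\n")
    return sweep(str(root))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:>9}: {names}")
```

The decoy shows why the rule uses `all of` rather than `any of`: a file that merely mentions the extension and the "Crypted:" counter is not flagged as the locker.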
```yara
rule RansomHouse {
    meta:
        description = "rule to detect RansomHouse"
        author = "ShadowStackRe.com"
        date = "2024-02-20"
        Rule_Version = "v1"
        malware_type = "ransomware"
        malware_family = "RansomHouse"
        License = "MIT License, https://opensource.org/license/mit/"
    strings:
        $strFileExt = ".emario"
        $strRestore = "How To Restore Your Files.txt"
        $strEncrypted = "/path/to/be/encrypted"
        $strCrypted = "Crypted:"
    condition:
        filesize < 100KB and all of ($str*)
}
```

Welcome to the RansomHouse
You are locked by
M A R I O
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣴⡾⣻⣿⣿⣿⣿⣯⣍⠛⠻⢷⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⠟⢁⣾⠟⠋⣁⣀⣤⡉⠻⣷⡀⠀⠙⢿⣷⣄⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⢀⡀⠀⠀⠀⠀⠀⠀⣰⣿⠏⠀⠀⢸⣿⠀⠼⢋⣉⣈⡳⢀⣿⠃⠀⠀⠀⠙⣿⣦⡀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⢰⡿⠿⣷⡀⠀⠀⠀⣼⣿⠃⠀⠀⣀⣤⡿⠟⠛⠋⠉⠉⠙⢛⣻⠶⣦⣄⡀⠀⠘⣿⣷⡀⠀⠀⠀
⢠⣾⠟⠳⣦⣄⢸⡇⠀⠈⣷⡀⠀⣼⣿⡏⢀⣤⡾⢋⣵⠿⠻⢿⠋⠉⠉⢻⠟⠛⠻⣦⣝⠻⣷⣄⠸⣿⣿⠀⠀⠀
⠘⣧⠀⠀⠀⠙⢿⣿⠀⠀⢸⣷⠀⣿⣿⣧⣾⣏⡴⠛⢡⠖⢛⣲⣅⠀⠀⣴⣋⡉⠳⡄⠈⠳⢬⣿⣿⣿⡿⠀⠀⠀
⠀⠘⠷⣤⣀⣀⣀⣽⡶⠛⠛⠛⢷⣿⣿⣿⣿⣏⠀⠀⡏⢰⡿⢿⣿⠀⠀⣿⠻⣿⠀⡷⠀⣠⣾⣿⡿⠛⠷⣦⠀⠀
⠀⠀⢀⣾⠟⠉⠙⣿⣤⣄⠀⢀⣾⠉⠀⢹⣿⣿⣷⠀⠹⡘⣷⠾⠛⠋⠉⠛⠻⢿⡴⢃⣄⣻⣿⣿⣷⠀⠀⢹⡇⠀
⠀⠀⢸⡇⠈⠉⠛⢦⣿⡏⠀⢸⣧⠀⠈⠻⣿⡿⢣⣾⣦⣽⠃⠀⠀⠀⠀⠀⠀⠀⣷⣾⣿⡇⠉⢿⡇⠀⢀⣼⠇⠀
⠀⠀⠘⣷⡠⣄⣀⣼⠇⠀⠀⠀⠻⣷⣤⣀⣸⡇⠀⠹⣿⣿⣦⣀⠀⠀⠀⠀⢀⣴⣿⣿⡟⠀⠀⢸⣷⣾⡿⠃⠀⠀
⠀⠀⠀⠈⠻⢦⣍⣀⣀⣀⡄⠀⣰⣿⡿⠿⢿⣇⠀⠀⠉⠛⠻⣿⣿⡷⠾⣿⣿⡿⠉⠁⠀⠀⢀⣾⠋⠁⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠈⠉⠉⠙⠿⢿⣿⣇⠀⠀⠈⢿⣧⣄⠀⠀⠀⢹⣷⣶⣶⣾⣿⡇⠀⠀⣀⣴⡿⣧⣄⡀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣷⡀⠀⠀⠙⢿⣿⣶⣤⡀⠻⢤⣀⡤⠞⢀⣴⣿⣿⠟⢷⡀⠙⠻⣦⣄⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢻⣦⠀⢠⡟⠁⠙⢻⣿⠷⠶⣶⠶⠾⠛⠙⣿⠇⠀⠀⢻⡄⠀⠀⠙⢷⡀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⣿⡀⣿⠁⣤⣤⡄⢻⡶⠶⠛⠛⠛⠛⠛⣿⢠⣾⣷⣆⢻⡀⠀⠀⠈⣷
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⣿⣿⢸⣿⣿⣿⡈⢿⡀⠀⠀⠀⠀⠀⡿⢸⣿⣿⣿⢸⡇⠀⠀⠀⡟
Dear management,
If you are reading this message, it means that:
- your network infrastructure has been compromised,
- critical data was stolen,
- files are encrypted.
The best and only thing you can do is to contact us
to settle the matter before any losses occur.
Check out our website: [redacted]
[redacted] Channel: [redacted]
-------------------------------------
1. THE FOLLOWING IS STRICTLY FORBIDDEN
1.1 EDITING FILES ON HDD.
Renaming, copying or moving any files
could DAMAGE the cipher and
decryption will be impossible.
1.2 USING THIRD-PARTY SOFTWARE.
Trying to recover with any software
can also break the cipher and
file recovery will become a problem.
1.3 SHUTDOWN OR RESTART THE PC.
Boot and recovery errors can also damage the cipher.
Sorry about that, but doing so is entirely at your own risk.
-------------------------------------
2. EXPLANATION OF THE SITUATION
2.1 HOW DID THIS HAPPEN
The security of your IT perimeter has been compromised (it's not perfect at all).
We encrypted your workstations and servers to make the fact of the intrusion visible and to prevent you from hiding critical data leaks.
We spent a lot of time researching and finding out the most important directories of your business, your weak points.
We have already downloaded a huge amount of critical data and analyzed it. Now its fate is up to you, it will either be deleted or sold, or shared with the media.
2.2 VALUABLE DATA WE USUALLY STEAL:
- Databases, legal documents, personal information.
- Audit reports.
- Any financial documents (Statements, invoices, accounting, transfers, e-mails, etc.).
- Work files and corporate correspondence.
- Any backups.
- Confidential documents.
2.3 TO DO LIST (best practices)
- Contact us as soon as possible.
- Contact us only in our live chat, otherwise you can run into scammers.
- Purchase our decryption tool and decrypt your files. There is no other way to do this.
- Realize that dealing with us is the shortest way to success and secrecy.
- Give up the idea of using decryption help programs, otherwise you will destroy the system permanently.
- Avoid any third-party negotiators and recovery groups. They can become the source of leaks.
-------------------------------------
3. POSSIBLE DECISIONS
3.1 NOT MAKING THE DEAL
- After 5 days starting tomorrow your leaked data will be disclosed or sold.
- We will also send the data to all interested supervisory organizations and the media.
- Decryption key will be deleted permanently and recovery will be impossible.
- Losses from the situation can be measured based on your annual budget.
3.2 MAKING THE WIN-WIN DEAL
- You will get the only working Decryption Tool and the how-to-use Manual.
- You will get our guarantees (with log provided) of non-recoverable deletion

Karl Chevrolet, Inc. operates a Chevrolet car dealership. It offers new and used cars, commercial vehicles, SUVs, trucks, and vans. The company also provides automotive parts and accessories, such as brake pads, oil filters, and others; and services, which include vehicle maintenance, repair, inspection, and other services. It also allows customers to order parts online.
Assolim is a food distribution company that serves restaurants and hotels across Catalonia. Founded in 2014 from two family businesses with 60 years of history, we offer over 4,000 food products including frozen, fresh, and dry goods.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Karl Chevrolet | US | Consumer Services | — | 29 Apr 2026 |
| Assolim | BR | Agriculture and Food Production | — | 22 Dec 2025 |
| Diaz Gill Medicina Laboratorial S.A. | BR | Healthcare | — | 15 Dec 2025 |
| Fucerep | UY | Financial Services | — | 21 Nov 2025 |
| Sabesp | BR | Energy | — | 1 Nov 2024 |
| Infomedika | PR | Healthcare | — | 19 Jul 2024 |
| Banco Promerica de la República Dominicana | NI | Financial Services | — | 29 Dec 2023 |
The leak-site addresses (.onion) are known but are neither published nor linked. Only public metadata is shown.
Diaz Gill Medicina Laboratorial S.A. is a leading private clinical laboratory in Paraguay, founded in 1992 with roots dating back further.
Fucerep is a cooperative focused on savings and credit services targeted at both individuals and businesses. Established in 1974, the company offers a range of financial products including personal loans, salary accounts, credit and debit cards, savings accounts, and fixed-term deposits. Its goal is to help clients save and grow their finances through various tailored financial solutions.
In the name of our partners we apologize for the inconveniences that many people have to bear because of the incident. But we also want to explain the situation a bit more.

First of all, the stories the Sabesp representatives tell you that they will restore their infrastructure are all lies. Our partners report that more than 2.000 servers were taken down and there are no chances those will be restored without our help as the company has no backups. If they had that data backed up, that would have already been restored. Taking into account the level of professionalism of the IT crew employed in the company and the third parties the company has contracts with, restoration would take a minimum of 6 months or perhaps even more.

With regard to company claims that no personal data was leaked, that's also not true. That was simply not disclosed yet. In addition to that, the company contacted us in the first days and we offered our help to solve the problem once and for all, but they've decided their money is more important than their clients and simple folk. At the same time we've received information they are taking a lot of cash out of the company for purposes hardly related to solving the problem for people, if you know what we mean. With our help the company infrastructure could be restored in 4-6 hours and everything could get back to normal the same day.

The steps the company takes indicate that its management has no value for people and clients; the only things they have value for are money and profit, unfortunately.
Experience of over 40 years. Our Mission: Support a wide variety of industries in their automation, efficiency, and operational optimization goals using the most advanced and cost-effective technology. Vision: To be the leaders in cutting-edge technology of information systems applications and services for the benefit of all the industries we serve. Infomedika is vanguard, stability, and commitment in a wide variety of industries, pursuing the best attention for patients and customers while ensuring efficiency of the revenue cycle process and the return on investment. Located in San Juan, Puerto Rico. 24/7 technical support. Wide catalog of world top-of-the-line integrated solutions. Over 80 staff members to assist customers. Broad certifications to assure superb development.