![[The AI Show Episode 143]: ChatGPT Revenue Surge, New AGI Timelines, Amazon’s AI Agent, Claude for Education, Model Context Protocol & LLMs Pass the Turing Test](https://www.marketingaiinstitute.com/hubfs/ep%20143%20cover.png)
![[DEALS] Microsoft Visual Studio Professional 2022 + The Premium Learn to Code Certification Bundle (97% off) & Other Deals Up To 98% Off](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![From Accountant to Data Engineer with Alyson La [Podcast #168]](https://cdn.hashnode.com/res/hashnode/image/upload/v1744420903260/fae4b593-d653-41eb-b70b-031591aa2f35.png?#)
.png?#)
![Apple TV+ Summer Preview 2025 [Video]](https://www.iclarified.com/images/news/96999/96999/96999-640.jpg)
![Apple Watch SE 2 On Sale for Just $169.97 [Deal]](https://www.iclarified.com/images/news/96996/96996/96996-640.jpg)
![Apple Posts Full First Episode of 'Your Friends & Neighbors' on YouTube [Video]](https://www.iclarified.com/images/news/96990/96990/96990-640.jpg)
RansomHub Ransomware-as-a-service Facing Internal Conflict as Affiliates Lost Access to Chat Portals
RansomHub, a relatively newer player in the ransomware-as-a-service (RaaS) landscape, is experiencing significant internal turmoil after affiliates suddenly lost access to negotiation chat portals on April 1st, 2025. This disruption has forced affiliates to redirect victim communications to alternative platforms, including those belonging to competing ransomware groups, creating confusion in ongoing extortion attempts and potentially […] The post RansomHub Ransomware-as-a-service Facing Internal Conflict as Affiliates Lost Access to Chat Portals appeared first on Cyber Security News.
RansomHub, a relatively newer player in the ransomware-as-a-service (RaaS) landscape, is experiencing significant internal turmoil after affiliates suddenly lost access to negotiation chat portals on April 1st, 2025.
This disruption has forced affiliates to redirect victim communications to alternative platforms, including those belonging to competing ransomware groups, creating confusion in ongoing extortion attempts and potentially threaten ransom payments in progress.
The group initially gained prominence in early 2024 by offering particularly favorable payment terms to attract skilled affiliates.
Unlike many competitors, RansomHub implemented a business model that directed ransom payments either directly to affiliates or split them at the point of transaction, significantly reducing the risk of “exit-scamming” – a common problem where RaaS administrators keep entire ransoms and abandon their affiliates.
GuidePoint Security’s Research and Intelligence Team (GRIT) researchers identified the first signs of trouble on the morning of April 1st when multiple client chat portals used for ransomware negotiations suddenly went offline.
Intelligence sharing partners confirmed similar disruptions across RansomHub’s infrastructure, pointing to widespread internal conflict rather than isolated technical issues.
.webp)
The impact extends beyond the criminal organization itself, creating uncertainty for victims currently engaged in negotiations.
Organizations facing RansomHub ransom notes now face additional complications, as communication channels have become unreliable and the group’s ability to provide decryption tools is increasingly questionable.
The DragonForce Connection
Adding another layer of complexity to the situation, competing RaaS operator DragonForce made a public claim on April 2nd that RansomHub had “decided to move to their infrastructure” under “a new option from The DragonForce Ransomware Cartel”.
This announcement appeared on the RAMP forum, where it prompted immediate skepticism from users, with some questioning if RansomHub had been “taken down” by DragonForce.
The ambiguity surrounding this claim was further highlighted when DragonForce requested that RansomHub “consider [their] offer,” suggesting the announcement may have been premature or possibly a form of opportunistic marketing during RansomHub’s moment of vulnerability.
Evidence of this appears, where DragonForce demonstrates what they claim to be a new RansomHub affiliate portal.
A user named “Hexcat” directly requesting clarity for RansomHub affiliates, underscoring the confusion prevalent among the criminal ecosystem’s participants.
This instability mirrors patterns seen in other prominent ransomware groups that collapsed due to internal conflicts, including Conti (Russia-Ukraine disagreements), Alphv (affiliate exit-scamming), and Black Basta (targeting disputes).
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
Also Read:
The post RansomHub Ransomware-as-a-service Facing Internal Conflict as Affiliates Lost Access to Chat Portals appeared first on Cyber Security News.
