Ransomware, Breach

Halliburton compromised by RansomHub operation

Halliburton ground sign at the entrance to their headquarters in Houston. Halliburton Company is an American oil field service company.

Major U.S. global oil field services firm Halliburton had its IT systems and operations significantly disrupted by the RansomHub ransomware operation in an attack last week, BleepingComputer reports.

The intrusion was initially only rumored to be linked to RansomHub, based on a partial ransom note from the group that appeared on TheLayoff site. Halliburton, however, noted in an email to suppliers that the intrusion involved the "maintenance.exe" file, which was confirmed to be an encryptor used by the ransomware gang. Additional analysis of the encryptor revealed a new "-cmd string" command-line argument that enables command execution prior to file encryption.

The development comes amid a federal advisory on the RansomHub operation, which has already compromised at least 210 organizations since its emergence in February. Aside from targeting U.S. telecommunications provider Frontier Communications, drugstore chain Rite Aid, Patelco Credit Union, and UK auction house Christie's, RansomHub also exposed Change Healthcare data after the ALPHV/BlackCat ransomware gang was dismantled.
