The RansomHub ransomware gang orchestrated the cyberattack on American oilfield services giant Halliburton, which disrupted some of the company’s global networks and business operations at its north Houston campus, according to Bleeping Computer’s report on the matter.
Halliburton, one of the world's largest providers of oilfield products and services, took systems offline after noticing the intrusion. Email systems hosted on Microsoft Azure infrastructure are still operational. Google’s incident response firm, Mandiant, is investigating the security incident.
This email includes a list of indicators of compromise (IOCs) containing file names and IP addresses, among them a Windows executable named maintenance.exe, which the report confirmed to be a newer version of the RansomHub ransomware encryptor.
RansomHub is a ransomware-as-a-service (RaaS) payload whose code overlaps with that of other ransomware groups, such as ALPHV (BlackCat) and Knight Ransomware.
The recent Patelco Credit Union breach was attributed to the RansomHub ransomware group. On August 15, 726,000 customers’ data leaked on the group's extortion portal after the ransom payment negotiations allegedly failed.
The data breach of revenue and payment cycle management provider Change Healthcare ended up on RansomHub’s leak website after the cybercriminal group that claimed it, ALPHV, was shut down.
Other notable security incidents include the HealthEquity 2024 data breach that occurred via a third party that had access to HealthEquity’s SharePoint data and affected 4.3 million individuals, specialty radiology practice Consulting Radiologists Ltd, and more.
Recently, T-Mobile failed to implement adequate security measures and report security breaches in due time, according to the Committee on Foreign Investment in the U.S., which issued a $60 million fine. Other data breaches at the mobile communications giant have exposed millions of customers’ private data in the past six years.