Ransomware debris: an analysis of the RansomHub operation
ID: 4bc7623b-6472-5657-bd81-12ad9fa9a5fd
STIX ID: report--4bc7623b-6472-5657-bd81-12ad9fa9a5fd
Feed Name: Group-IB Blog
This report analyzes the RansomHub ransomware-as-a-service operation, describing its multi-OS/multi-architecture encryptor (including ESXi and SFTP capabilities), affiliate panel features (builders, live-chat negotiations, trial decryptors), recruitment and extortion tactics (low-fee model, regulator threats), tooling provided to affiliates (Killer and legitimate AV-killing utilities), targeting patterns (notably healthcare), and recent operational disruption with possible affiliate migration to Qilin.
