From linear to complex: an upgrade in RansomHouse encryption

Intel Name: From linear to complex: an upgrade in RansomHouse encryption

Date of Scan: December 18, 2025

Impact: High

Summary:
RansomHouse is a ransomware-as-a-service operation run by the group known as Jolly Scorpius. Recent malware samples show a major upgrade in the group’s encryption capabilities. This analysis examines the encryption changes and their implications for defenders. Jolly Scorpius employs a double extortion model, combining data theft with file encryption. Since December 2021, at least 123 victims have been exposed on the RansomHouse leak site. The group has impacted critical sectors, causing financial losses, data breaches, and loss of public trust.
