RansomHouse Enhances Encryption with Multi-Layered Data Processing

First reported

20.12.2025 17:23

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

RansomHouse ransomware-as-a-service (RaaS) has upgraded its encryptor from a single-phase linear technique to a multi-layered method. The new 'Mario' encryptor variant uses a two-stage transformation with two keys, dynamic chunk sizing, and improved memory layout. This upgrade enhances encryption strength, speed, and reliability, making data recovery and analysis more challenging. RansomHouse, active since December 2021, has been linked to attacks on VMware ESXi hypervisors and recently targeted the Japanese e-commerce giant Askul Corporation.

Timeline

20.12.2025 17:23 1 articles · 23h ago

RansomHouse Enhances Encryption with Multi-Layered Data Processing
RansomHouse has upgraded its encryptor from a single-phase linear technique to a multi-layered method. The new 'Mario' encryptor variant uses a two-stage transformation with two keys, dynamic chunk sizing, and improved memory layout. This upgrade enhances encryption strength, speed, and reliability, making data recovery and analysis more challenging. RansomHouse has been active since December 2021 and has been linked to attacks on VMware ESXi hypervisors, including a recent attack on the Japanese e-commerce giant Askul Corporation.
Show sources

RansomHouse upgrades encryption with multi-layered data processing — www.bleepingcomputer.com — 20.12.2025 17:23
Open in new tab

Information Snippets

RansomHouse's new 'Mario' encryptor uses a two-stage transformation with a 32-byte primary key and an 8-byte secondary key.
First reported: 20.12.2025 17:23

1 source, 1 article
Show sources
- RansomHouse upgrades encryption with multi-layered data processing — www.bleepingcomputer.com — 20.12.2025 17:23
The encryptor employs dynamic chunk sizing at an 8GB threshold with intermittent encryption, complicating static analysis.
First reported: 20.12.2025 17:23

1 source, 1 article
Show sources
- RansomHouse upgrades encryption with multi-layered data processing — www.bleepingcomputer.com — 20.12.2025 17:23
The upgraded encryptor features better memory layout, multiple dedicated buffers, and more detailed file processing information.
First reported: 20.12.2025 17:23

1 source, 1 article
Show sources
- RansomHouse upgrades encryption with multi-layered data processing — www.bleepingcomputer.com — 20.12.2025 17:23
RansomHouse targets VM files and renames encrypted files with the '.emario' extension, dropping a ransom note named 'How To Restore Your Files.txt'.
First reported: 20.12.2025 17:23

1 source, 1 article
Show sources
- RansomHouse upgrades encryption with multi-layered data processing — www.bleepingcomputer.com — 20.12.2025 17:23
RansomHouse has been active since December 2021 and has been linked to attacks on VMware ESXi hypervisors.
First reported: 20.12.2025 17:23

1 source, 1 article
Show sources
- RansomHouse upgrades encryption with multi-layered data processing — www.bleepingcomputer.com — 20.12.2025 17:23
RansomHouse recently targeted the Japanese e-commerce giant Askul Corporation using multiple ransomware families.
First reported: 20.12.2025 17:23

1 source, 1 article
Show sources
- RansomHouse upgrades encryption with multi-layered data processing — www.bleepingcomputer.com — 20.12.2025 17:23