Infamous Ransomware Gang Shuts Down Operations and Takes Website Offline in April 2025
Ransomhub Hacker Group Disappears
Infamous Ransomware Gang Shuts Down Operations and Takes Website Offline in April 2025
April 5, 2025 — In a surprising turn of events, the notorious Ransomhub ransomware group has gone dark. As of early April 2025, the gang’s data leak site and payment portals hosted on the dark web have been completely shut down, sparking speculation that the group has either disbanded or is undergoing a major transition.
Ransomhub, one of the most active ransomware-as-a-service (RaaS) operations of the past year, first surfaced in February 2024. Known for targeting businesses and government entities worldwide, the group quickly gained infamy for its aggressive extortion tactics, high ransom demands, and sophisticated encryption schemes leveraging x25519, AES256, ChaCha20, and xChaCha20.
Security researchers confirmed that Ransomhub’s Tor-based leak site went offline without warning earlier this week. No farewell message or explanation was provided — a move that has led many to believe that the group may have either pulled an “exit scam” or is rebranding under a new name. Law enforcement takedown has not yet been confirmed, but cybersecurity experts are closely monitoring the situation.
“Sudden disappearances like this are rare but not unheard of,” said Alex Novak, a threat intelligence analyst. “It could mean they’re laying low due to increased pressure from law enforcement, or they’re planning a return under a new identity.”
Ransomhub had previously absorbed members from other disbanded groups, including former affiliates of LockBit, further boosting its capabilities. The shutdown follows a string of high-profile attacks throughout late 2024 and early 2025, including incidents involving critical infrastructure and healthcare providers.
Victims still holding out for decryption or data recovery may now be left in the dark, as the gang’s payment and communication channels are no longer active. This reinforces cybersecurity experts’ long-standing advice: never rely on ransomware groups to honor ransom payments and always prioritize secure backups and incident response planning.
For now, the fate of Ransomhub remains uncertain — but the cybersecurity world knows better than to assume this is the end.
