Ransomhouse attacks The DGCX

Incident Date:

January 12, 2023

World map



Ransomhouse attacks The DGCX


Dubai Gold & Commodities Exchange




Dubai, United Arab Emirates

, United Arab Emirates

First Reported

January 12, 2023

The Ransomhouse Ransomware Attack on DCGX

The Ransomhouse ransomware gang has attacked the DCGX. The DCGX, or the Dubai Gold and Commodities Exchange, is a commodities derivatives exchange headquartered in Dubai, UAE, founded in 2005. Ransomhouse uploaded the DCGX to its data leak site on January 13th, claiming to have stolen 100GB of data. Ransomhouse never posted the allegedly stolen data, suggesting that The DCGX paid the ransom.

RansomHouse's Modus Operandi

RansomHouse is a relatively new cybercrime operation that focuses on breaching networks by exploiting vulnerabilities to steal valuable data from their targets. Unlike typical ransomware groups, RansomHouse doesn't encrypt the compromised systems. Instead, they simply steal the data and demand payment for its return. Interestingly, they shift the blame onto their victims, claiming that the organizations' poor security posture is responsible for the attacks.

Comparisons and Connections

Many of RansomHouse's tactics resemble those of another data extortion group called Lapsus$. Some classify RansomHouse as a ransomware group, but both groups don't actually encrypt the data they target. RansomHouse's origins remain unconfirmed, although references to RansomHouse were found in ransom notes associated with White Rabbit, a ransomware strain possibly connected to the financial crime ring FIN8. RansomHouse, however, asserts that they only partnered with White Rabbit. Nevertheless, some experts, like Brett Callow, suspect that RansomHouse and White Rabbit share the same operators.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.