VERY IMPORTANT

RansomHouse, a ransomware-as-a-service operation run by Jolly Scorpius, has undergone a significant upgrade in encryption methods. The attack chain involves operators developing tools, attackers deploying ransomware, and victims being targeted. Two key components, MrAgent and Mario, are used to compromise virtualized environments. MrAgent manages deployments, while Mario encrypts files. The upgraded version of Mario features a more complex two-stage encryption process, improved memory management, and dynamic file processing. These enhancements make the ransomware more efficient and resilient to analysis, signaling a concerning trend in ransomware development that could influence future variants.