Cyber Threat Actor: EpsilonRed

Aliases: 2 aliases
Actor Type: Crime Syndicate
Location: Russia
Known Incidents: 37 incidents
Profile

EpsilonRed, also known as Epsilon Red Group, is a threat actor operating under the Hive ransomware banner with suspected ties to Russia. The group employs double-extortion tactics, encrypting victim systems while exfiltrating sensitive data to pressure organizations into paying ransoms. Hive ransomware operations have targeted healthcare providers, educational institutions, energy companies, retail chains, and logistics services across multiple regions, including the United States, Canada, Europe, and Latin America. Financial gain is the primary objective, evidenced by ransom demands ranging from $100,000 to $2 million and explicit negotiations citing victims' cyber insurance policies.

The group consistently uses Hive ransomware to encrypt victim networks and exfiltrate data, often maintaining network access for extended periods before deploying encryption. Initial access vectors include phishing campaigns, though specific intrusion methods are rarely detailed in public reports. Notable TTPs include aggressive direct communication with victims' clients or patients to escalate pressure, as demonstrated in attacks against Knox College and a British educational trust where threat actors contacted parents using stolen data. EpsilonRed affiliates have compromised healthcare entities like Lake Charles Memorial Health System and Partnership HealthPlan of California, disrupting medical services and exfiltrating patient records. Other significant operations include the encryption of MediaMarkt's European retail systems and the breach of Guatemala's Customs Service via APM Terminals. The group publicly disputes victim statements about incident response timelines and data access, as seen in conflicting claims with Lake Charles Memorial regarding network dwell time.

Incidents
36 incidents
Sources
33 sources