Cybersecurity: Threats and Defences
17 April

RansomHouse posts Trellix internal screenshots as extortion leverage

13:56UTC

RansomHouse posted alleged internal system screenshots from inside Trellix to its leak site on or around 11 May, 24 days after the claimed 17 April intrusion and three days after Trellix's 8 May self-disclosure, withholding the full source-code dump as extortion leverage.

Technology · Developing
Key takeaway

Trellix's 24-day timeline from claimed intrusion to first public extortion artefact (21 days to self-disclosure, three more to the leak-site post) is the data point the UK reporting bill will be argued over.

RansomHouse, the extortion group, posted alleged internal system screenshots from inside Trellix to its leak site on or around Monday 11 May 2026. The screenshots reportedly show access to Trellix's appliance management console, its VMware estate, Rubrik backup infrastructure, and Dell EMC storage. Trellix, the US cybersecurity vendor formed from the McAfee Enterprise and FireEye merger, confirmed unauthorised repository access on 8 May but stated there was no evidence the source code had been altered or weaponised. The full source-code dump has not been published; RansomHouse is holding it as leverage.

RansomHouse says the original compromise occurred on 17 April 2026; that date is the attacker's claim, and the intervals below are measured from it. Trellix self-disclosed on 8 May, a 21-day intrusion-to-disclosure gap. The leak-site posting on 11 May added a further three days before the first public extortion artefact landed, totalling roughly 24 days from initial access to leak-site publication. RansomHouse's incremental disclosure tactic, screenshots first and dump later, is by now a standard pattern for the operator.

The UK Cyber Security and Resilience Bill, at Report Stage in Parliament since 2 March 2026, proposes a 24-hour initial-notification window and a 72-hour full-report requirement. Trellix's 21-day intrusion-to-disclosure gap is well beyond the bill's proposed initial threshold, with one caveat: the bill's clock runs from the point a regulated entity becomes aware of a significant incident, not from initial access, so the figure the bill would actually measure is the post-detection portion of those 21 days, and the sources cited here do not say how the interval splits between undetected dwell time and reporting delay. The case is nonetheless a worked example for parliamentary debate: a US-headquartered cybersecurity vendor with UK customers, an intrusion-to-disclosure interval running into weeks, and an attacker-controlled second disclosure window opened beyond it. The Capita ICO precedent has already shown the regulator willing to treat NCSC guidance as enforceable; the bill would put a statutory clock on top of that.

Deep Analysis

In plain English

Trellix sells cybersecurity software used by large organisations to detect and respond to attacks. The group RansomHouse broke into Trellix on 17 April 2026, and rather than releasing all stolen data immediately, posted screenshots of Trellix's internal systems on 11 May to pressure the company into paying. Trellix confirmed the break-in but claimed the hackers had not altered its software.

First Reported In

Update #4 · AI joins the breach column on both sides

ThaiCERT · 20 May 2026
Causes and effects
This Event
RansomHouse posts Trellix internal screenshots as extortion leverage
A worked example of the disclosure-gap problem the UK Cyber Security and Resilience Bill is trying to close: roughly 24 days from claimed initial access to first public extortion artefact, with the bill's proposed 24-hour reporting clause currently before Parliament.
Different Perspectives
Google Threat Intelligence Group
GTIG's attribution of the GitHub breach extends UNC6780's documented arc from SAP npm through Cisco AI Defense to GitHub's own estate; its 36-hour LiteLLM exploitation set the speed benchmark CISA AA26-148A is designed to address. GTIG's published tracking gives defenders the actor profile needed to assess their own developer-toolchain exposure.
Enterprise security buyers / CISO community
For enterprise security leaders, two KEV AI-orchestration entries in three weeks (LiteLLM 8 May, Langflow 21 May) convert shadow AI tooling from a governance risk to a confirmed attack surface requiring immediate software asset inventory. The 65 per cent gap in enterprise AI tool inventories documented by Wiz Research is now a liability rather than a compliance footnote.
DSIT / UK Government
DSIT framed the £14.7 billion sector figure and the Cyber Resilience Pledge as a paired signal: commercial strength alongside supply-chain accountability, with £90 million targeting the NHS supplier exposure this briefing's threat events directly illustrate. The voluntary Pledge's enforceability gap, prior to the Cyber Security and Resilience Bill reaching Royal Assent, is the question its launch does not answer.
GitHub / Microsoft
GitHub confirmed that no customer repositories or user data were affected by the Nx Console breach, but acknowledged approximately 3,800 internal repositories were cloned and referred to CISA Alert AA26-148A's allow-listing guidance. The incident puts Microsoft in the position of operating a marketplace whose publisher-verification gap is now a documented attack vector in a federal advisory.
Tsinghua University Institute for International Strategic Studies
Beijing-aligned commentary rejects US attribution of PRC-nexus clusters (UNC2814, APT45, UAT-8616) as politically motivated framing, characterising the April sixteen-agency joint advisory as coordinated Western pressure rather than independent technical assessment.
Cisco
Cisco has not confirmed the UNC6780 breach scope beyond the named AI Defense and AI Assistant projects; GitHub confirmed an investigation. CVE-2026-20182 is the sixth Cisco SD-WAN KEV entry in 2026, reaching that milestone the same week UNC6780's source-code visibility into the portfolio became public.