Cybersecurity: Threats and Defences
20 May, 09:58 UTC

RansomHouse posts Trellix internal screenshots as extortion leverage

RansomHouse posted alleged internal system screenshots from inside Trellix to its leak site on or around 11 May, 24 days after the 17 April intrusion and 21 days after Trellix's 8 May self-disclosure, withholding the full source-code dump as extortion leverage.

Key takeaway

Trellix's 45-day disclosure-to-extortion timeline is the data point the UK reporting bill will be argued against.

RansomHouse, the extortion crew, posted alleged internal system screenshots from inside Trellix to its leak site on or around Monday 11 May 2026 [1]. The screenshots reportedly show access to Trellix's appliance management console, its VMware estate, Rubrik backup infrastructure, and Dell EMC storage. Trellix, the US cybersecurity vendor formed from the McAfee Enterprise and FireEye merger, confirmed unauthorised repository access on 8 May but stated there was no evidence the source code had been altered or weaponised. The full source-code dump has not been published; RansomHouse is holding it as leverage.

RansomHouse says the original compromise occurred on 17 April 2026. Trellix self-disclosed on 8 May, a 21-day intrusion-to-disclosure gap. The leak-site posting on 11 May added a further three days before the first public extortion artefact landed, totalling roughly 24 days from initial access to leak-site publication. RansomHouse's incremental disclosure tactic, screenshots first and the dump later, is by now a standard pattern for the operator.

The UK Cyber Security and Resilience Bill, at Report Stage in Parliament since 2 March 2026, proposes a 24-hour initial-notification window and a 72-hour full-report requirement. Trellix's 21-day gap is well beyond the bill's proposed initial threshold. The case is now a worked example for parliamentary debate: a US-headquartered cybersecurity vendor with UK customers, an intrusion-to-disclosure interval running into weeks, and an attacker-controlled second disclosure window opened beyond it. The Capita ICO precedent has already shown the regulator willing to treat NCSC guidance as enforceable; the bill would put a statutory clock on top of that.

Deep Analysis

In plain English

Trellix sells cybersecurity software used by large organisations to detect and respond to attacks. The group RansomHouse broke into Trellix on 17 April 2026, and rather than releasing all stolen data immediately, posted screenshots of Trellix's internal systems on 11 May to pressure the company into paying. Trellix confirmed the break-in but claimed the hackers had not altered its software.

First reported in: Update #4 · AI joins the breach column on both sides (ThaiCERT, 20 May 2026)
Causes and effects

This event: a worked example of the disclosure-gap problem the UK Cyber Security and Resilience Bill is trying to close: 45 days total from initial access to first public extortion artefact, with the bill's proposed 24-hour reporting clause currently before Parliament.
Different perspectives

Tsinghua University Institute for International Strategic Studies: Beijing-aligned commentary rejects US attribution of PRC-nexus clusters (UNC2814, APT45, UAT-8616) as politically motivated framing, characterising the April sixteen-agency joint advisory as coordinated Western pressure rather than independent technical assessment.

Google Threat Intelligence Group: GTIG's 11 May report establishes AI-assisted offence and AI-infrastructure targeting as concurrent named-incident categories, not theoretical ones: UNC6780 attacked LiteLLM and Cisco AI Defense in parallel; state actors used Gemini operationally; CANFAIL and LONGSTREAM used LLM-generated queries to evade static analysis.

Cisco: Cisco has not confirmed the UNC6780 breach scope beyond the named AI Defense and AI Assistant projects; GitHub confirmed an investigation. CVE-2026-20182 is the sixth Cisco SD-WAN KEV entry in 2026, reaching that milestone the same week UNC6780's source-code visibility into the portfolio became public.

NCSC: The ICO's South Staffs Water fine applies NCSC PAM and monitoring guidance as the GDPR Article 32 enforcement baseline against a water-sector CNI operator, extending the Capita precedent before the CS&R Bill has reached Royal Assent. NCSC guidance now carries enforceable weight inside the existing statutory framework for CNI sectors processing personal data.

Microsoft Security Response Center: The Exchange Emergency Mitigation Service URL rewrite is the sole available mitigation for CVE-2026-42897; MSRC has not signalled an out-of-band patch timeline. The workaround breaks OWA calendar print, inline images, and Light mode, forcing CISOs to choose between user-experience breakage and active-exploitation exposure.

CISA: CISA's Exchange CVE-2026-42897 deadline of 29 May, set before Microsoft published a patch, repeats the PAN-OS posture from 6 May: exploitation velocity now overrides vendor release timelines. BOD 22-01 compliance against an unpatched flaw leaves federal CISOs with only mitigation documentation and mailbox-rule monitoring.