RansomHouse Claims Breach of Major Cybersecurity Vendor – Analysts Point to Barracuda Networks

The CyberSec Guru

The RansomHouse extortion group has added a new entry to its leak site: an unnamed “CyberSecurity Vendor” with annual revenues above $1 billion. No official confirmation has come from any company, but based on public financial data and company size, several researchers have pointed toward Barracuda Networks as the likely target.

Who fits?

RansomHouse typically teases victims before releasing the full dataset. The “$1 billion revenue” claim does meaningful filtering work here. Barracuda Networks, acquired by KKR in 2022, reported revenues in the $1–2 billion range before going private. Larger firms like Palo Alto Networks or Cisco fall outside the “Cybersecurity Vendor” framing RansomHouse used; Barracuda fits the niche more precisely.

How RansomHouse operates

Unlike LockBit or BlackCat, RansomHouse doesn’t typically encrypt files. The group focuses on data theft and extortion: steal quietly, give the victim a window to pay before the data goes to auction, and sometimes frame the whole thing as a “forced pen test” that exposed flaws the company should have patched anyway. It’s a cynical framing, but it’s theirs.

Why Barracuda specifically?

The revenue match isn’t the only reason researchers are looking in that direction. Barracuda has been a target before. In 2023, a zero-day in its Email Security Gateway appliances (CVE-2023-2868) was exploited by what investigators believed were state-sponsored actors. A company that’s already been in sophisticated threat actors’ crosshairs once is a reasonable candidate to come up again.

The supply chain concern here is real. A breach of a security vendor can expose customer contact lists, proprietary detection logic, source code, and support tickets that contain detailed customer network configurations. The companies customers hire to protect them hold a lot of sensitive information about those customers.

How seriously should this be taken?

Threat actors inflate revenue figures to raise the ransom ceiling. RansomHouse’s claim shouldn’t be taken at face value. That said, the group has a documented history of targeting large enterprises, and the specificity of the claim suggests some level of real access rather than a bluff.

[Image: RansomHouse Barracuda Breach]

Barracuda has not issued any statement.

What should customers do right now?

Patch everything, particularly ESG appliances. Enable MFA on all administrative accounts. Watch for unauthorized access. These aren’t novel recommendations, but they’re the right ones while the picture is still unclear.

This report is based on public leak site data and financial analysis. Barracuda Networks has been contacted for comment.
