After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive

March 20, 2024 – Published on Dark Reading

High-profile takedowns of brand-name ransomware operations are starting to have a real impact, sowing discord among hackers and causing major shifts in the cyber underground.

The US and European Union governments have ramped up efforts to disrupt ransomware-as-a-service (RaaS) operations in recent months, most notably with headline-grabbing coordinated actions against the infamous LockBit and ALPHV/BlackCat groups. Police have identified ringleaders, seized malicious infrastructure and data — including information about affiliates — and even trolled adversaries with messages posted to their leak sites.

Though well-intentioned, these missions tend to receive criticism when, inevitably, remnants of such large, diffuse groups pop up days or weeks after their reported demise. After all, if the threat actors aren’t being eradicated, what’s the point?

A new report from GuidePoint Security on the current state of the ransomware ecosystem supplies that answer.

Thanks to the drama surrounding household RaaS groups, affiliates — the hackers who actually carry out attacks on their behalf — have increasingly moved away from them, toward lesser-known RaaS upstarts offering what they couldn’t: trust.

“The question has been for years: How do we stop ransomware?” says Drew Schmitt, practice lead for the GuidePoint Research and Intelligence Team (GRIT). “One of the pieces of the answer could be creating distrust between groups and their affiliates.”
