RansomHub Brings Scattered Spider Into Its RaaS Fold
June 12, 2024 – Published on Dark Reading
Last spring’s spectacular implosion of mainstay ransomware-as-a-service (RaaS) operation BlackCat/AlphV left its affiliates burned — gamed out of millions they were owed for past scams and left without infrastructure to support their future cybercrime aspirations. What ensued was a recruiting war for the best affiliates into the RaaS groups left standing.
The RansomHub RaaS group appears to have scored a major victory by attracting the Scattered Spider threat group into its affiliate ranks, according to new research from GuidePoint Security. A detailed analysis by GuidePoint reveals that Scattered Spider, a notoriously aggressive threat group behind the 2023 ransomware attacks on Caesars Entertainment and MGM Resorts, has been carrying out ransomware attacks using RansomHub starting earlier this year.
The timing jibes with ads posted on the Dark Web by RansomHub promising prospective affiliates juicy 90/10 ransom splits with the group, as well as the promise to allow the cybercriminals to get paid first and payout the group later, to avoid “exit scams” like the one BlackCat pulled last March, according to Jason Baker, senior threat consultant with GuidePoint Security.
“Scattered Spider affiliates may also have been attracted to RansomHub based on the movement of peers or positive word-of-mouth,” Baker tells Dark Reading.
Read More HERE.