Ransomware gangs of 2024: The rise of the affiliates
August 30, 2024 – Published on TechInformed
The last 12 months have brought big news on the ransomware front, with law enforcement announcing the takedowns of major ransomware gangs including LockBit and ALPHV/Black Cat. But despite the success of the FBI and its allies in tackling some of the biggest threat actors, businesses find themselves no safer from cyber-attacks than in previous years.
So, has the disbandment of two of the most dominant and well-known ransomware gangs done nothing to make enterprises more secure? Or is something else going on?
Emerging data from reports indicate a shifting trend: affiliates once aligned with LockBit and ALPHV are now avoiding the big-name gang. Trust in a larger group has waned, with many members opting for smaller, more nimble groups.
Since the downfall of LockBit in February, cybersecurity experts are still evaluating the long-term impact on the ransomware ecosystem – however, the prevailing consensus is that affiliates are adopting a more “nomadic” approach. Affiliates are smaller criminal enterprises that lease a ransomware operator’s malware, techniques, stolen passwords etc in return for paying a monthly fee and share a percentage of any ransom payments.
For instance, according to a report from researchers at GuidePoint Security, Medusa is offering generous profit-sharing percentages, with up to 90% going to the affiliates – this is a much better deal than in the past when affiliates were obliged to part with up to 40% of the ransom profits which went to the gangs.
Read More HERE.