Ransomware Victims Who Pay a Ransom Drops to Record Low

April 18, 2024 – Published on BankInfoSecurity

Here’s ransomware news to celebrate: The number of victims who opt to pay a ransom has dropped to a record low. Also, operators of two major groups hit by law enforcement disruptions have each chosen to swindle their affiliates, sowing disaffection and driving away burned business partners.

Despite their record profits, all has not been smooth sailing for ransomware practitioners. Before the NCA-led disruption of LockBit, which included obtaining intelligence on hundreds of affiliates, the FBI and other law enforcement agencies last December disrupted BlackCat, aka Alphv. While neither group appears to have been permanently disabled, security experts lauded the disruptions for undercutting each group’s brand, sowing distrust, amplifying fatigue and undercutting morale.

Both groups reacted to the unexpected hit on their business operations – including law enforcement trolling their leadership – not by seeking to bolster trust with affiliates, but rather by “swindling” them, as well as letting private disputes become public.

Shortchanging business partners plus the recent ransomware-as-a-service disruptions have triggered a mass diaspora of ransomware affiliates, perhaps numbering in the hundreds, who are now having to consider their next move.

“Affiliates are the lifeblood of RaaS operations, and in the wake of these disruptions, we’ve already observed smaller RaaS groups attempting to recruit disaffected or displaced affiliates,” said Drew Schmitt, who leads cybersecurity firm GuidePoint Security’s research and intelligence team, in a new report.

More affiliates appear to be opting to go it alone, following in the footsteps of others who have adopted and modified free ransomware builders that have leaked from the likes of Conti, LockBit and Babuk.
