Scattered Spider Now Affiliated with RansomHub Following BlackCat Exit

June 12, 2024 – Published on Infosecurity Magazine

The notorious Scattered Spider cybercrime group has become an affiliate of the RansomHub ransomware-as-a-service (RaaS) operator, according to an analysis by GuidePoint Security.

The researchers assessed with a high degree of confidence that at least some portion of Scattered Spider, a former ALPHV/BlackCat affiliate, is now conducting ransomware operations with RansomHub based on observed tactics, techniques and procedures (TTPs).

ALPHV/BlackCat appears to have disbanded after receiving a ransom payment from US healthcare firm Change Healthcare in March 2024, which has significantly impacted the RaaS ecosystem.

Experts at Infosecurity Europe highlighted how the collapse of BlackCat and LockBit, the latter following a law enforcement operation in February, has led to the emergence of a new RaaS model, who are increasingly competing with one another for affiliates.

One such RaaS group that has come onto the scene is RansomHub, which reportedly hit Change Healthcare’s owner UnitedHealth Group with a second extortion demand  by threatening to publish data stolen in the original attack.

GuidePoint said its analysis began after responding to a ransomware attack seeking to impact an organization’s ESXi environment in early 2024.

Read More HERE.