Takedowns spark affiliate bidding war among ransomware gangs
March 21, 2024 – Published on SC Magazine
Up-and-coming ransomware gangs are on a dark web recruitment drive to attract affiliates looking for work after authorities busted two of the biggest extortion operators: LockBit and ALPHV/BlackCat.
The ransomware-as-a-service (RaaS) criminal ecosystem has been left reeling from major blows delivered by international law enforcement agencies over the past few months — along with one claimed takedown that didn’t really happen.
Authorities are believed to have temporarily taken down ALPHV/BlackCat’s operations in December. The gang was back in business with new infrastructure weeks later, making headlines for its Change Healthcare attack.
It then disappeared, claiming authorities shut it down, but the move was most likely an exit scam so its leaders could keep all of the $22 million Change Healthcare ransom, rather than sharing it with the affiliate who carried out the attack.
“These disruptive events have resulted in distrust towards the most Established RaaS groups in the ransomware ecosystem today, including LockBit, and will almost certainly lead to the displacement of some portion of the associated affiliate corps,” GuidePoint Security researchers said in a March 20 post.
Read More HERE.