Date: 2021-07-22
The world’s top ransomware gangs have created a cybercrime “cartel”
Some of the biggest Russian cybercriminal gangs have formed a ransomware consortium and are sharing hacking techniques, data-breach information, malware code and technology infrastructure.
The most active collaborators are four groups known as Wizard Spider, Twisted Spider, Viking Spider and LockBit. Gangs in this group jointly control access to illegal data leak sites and custom ransomware code. They also associate with the larger criminal ransomware ecosystem, exert influence on smaller gangs, and license their assets to affiliates, said Jon DiMaggio, chief security strategist at Analyst1. The groups do not appear to share profits from criminal activity.
“They are not a cartel in the traditional sense, like oil companies having a blockage of crude oil supply,” DiMaggio explained. “But they have technological infrastructure and some are big enough to have their own [ransomware]. These are limited resources.”
The Viking Spider and LockBit groups upload stolen information to a data breach site organized and controlled by Twisted Spider, according to DiMaggio's research. This information is used for fraudulent attacks that distribute ransomware, and it is posted to the criminal name-and-shame sites used to embarrass and coerce victims. The gangs have also shared hacking tools and software exploits known as zero-days. Twisted Spider also operates a command and control server that hosts malware and hacking tools used by other gangs, including Viking Spider, LockBit and a now-defunct gang called SunCrypt.
Cybercrime gangs often try to cultivate unique personas, and are known for using custom types of ransomware. The REvil and Twisted Spider gangs are affiliated with the Maze and Egregor ransomware, respectively. Wizard Spider is associated with Ryuk and Conti.
New clusters are more powerful, sophisticated
Hacking groups often collaborate, break up, shut down, rebrand and regroup. Some groups in the so-called cartel cluster announced a collaboration in July 2020, then disbanded in November. The new gang cluster is potentially more powerful, DiMaggio said, because of its connections to other threat actors in the cybercrime ecosystem. For example, his investigation connects the new cluster with three additional gangs, including EvilCorp, a veteran hacking group led by Maksim Yakubets that targeted remote workers during the pandemic.
DiMaggio's study also links the new ransomware associates to SilverFish, a hacking group that cybersecurity researchers believe is actually the FSB or SVR, the Russian intelligence groups behind the SolarWinds cyberattacks.
Some ransomware gangs are so sophisticated that they have a mediation process to address disputes, according to DiMaggio and hackers familiar with the process. REvil, for example, deposited $1 million into a fund organized in a cybercrime forum to guarantee payments to partners, in the hope of attracting high-quality hackers. When the DarkSide ransomware gang suddenly ceased operating, some of its members were not paid. The money from the criminal forum was used to pay those associates, causing a dispute that was resolved using internal means of communication.
These tools, DiMaggio said, are part of what makes groups so successful. “They can resolve the inevitable money disputes quickly, then get back to work,” he said.
The growing cybercrime industry
The ransomware partnership is part of a larger and growing ransomware-as-a-service industry. Similar to software as a service, a booming industry that sells subscriptions to software rather than downloads, ransomware-as-a-service allows anyone to pay a fee to license a hacker’s technology and capabilities. Groups like DarkSide, allegedly responsible for some of the largest ransomware hacks in history, offered friendly customer service and IT support for victims.
Ransomware code is relatively easy to adapt and reuse. A large market of unprotected computers combined with the pseudonymity of cryptocurrency has created a ripe environment for criminal exploitation, DiMaggio said.
This new cartel presents new challenges, DiMaggio said. He worries that “a mega-group cartel” would be much more dangerous than previous groups because it would have more structure. He added, “with coordination and organization, their ransomware types can be more dangerous than any individual guns online.”
Sources
https://www.cbsnews.com/news/ransomware-cybercrime-cartel-wizard-spider-viking-spider-lockbit-twisted-spider/
