Warning: A New Ransomware Cartel Has Formed Sharing Techniques, Code, and Infrastructure

In a new twist, security researchers at Analyst1 have identified four Russian ransomware gangs that actively work together to coordinate attacks, data leaks, and more.

It’s bad enough when there’s one threat actor attacking your organization. But when it’s four cybercriminal gangs working together to share best practices, code, infrastructure, techniques, and more, it spells doom for their victims. New research from threat intelligence vendor Analyst1 combines months of analysis, tracking, cross-referencing, and more of ransomware gang activity, bringing to light a new ransomware cartel.

According to Analyst1, four ransomware gangs in particular are part of this new cartel:

  • Twisted Spider (who use Maze and Egregor)
  • Viking Spider (Ragnar Locker)
  • Wizard Spider (Ryuk and Conti)
  • The Lockbit Gang (Lockbit)

Some of the notable ties between these gangs, demonstrating the cartel-like interactions, include:

  • Sharing of victim data & leak sites – in some cases, one gang steals the data and then uses another gang to perform the extortion and publishing
  • Sharing of infrastructure – multiple gangs have used identical IP addresses for C2 servers
  • Adopting each other’s tactics – for example, all of them have adopted the use of virtual machines in the victim environment (something originally mastered by Viking Spider)
  • They all have claimed affiliation to the cartel

This cartel demonstrates what’s coming next: more sharing between gangs and, I would assume, some sort of “anti-threat intelligence” about security solutions.

The only light at the end of the tunnel is the need by these gangs to have your users interact and engage with phishing emails – something a solid education using Security Awareness Training will counteract and, therefore, stop attacks before they can do damage.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 22 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 23 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!
