Warning: A New Ransomware Cartel Has Formed Sharing Techniques, Code, and Infrastructure

Stu Sjouwerman | Jul 27, 2021

New Ransomware CartelIn a new twist, security researchers at Analyst1 have identified four Russian ransomware gangs that actively work together to coordinate attacks, data leaks, and more.

It’s bad enough when there’s one threat actor attacking your organization. But when it’s four cybercriminal gangs working together to share best practices, code, infrastructure, techniques, and more, it spells doom for their victims. New research from threat intelligence vendor Analyst1 combines months of research, analysis, tracking, cross-referencing, and more of ransomware gang activity, bringing to light a new ransomware cartel.

According to Analyst1, four ransomware gangs in specific are part of this new cartel:

  • Twisted Spider (who use Maze and Egregor)
  • Viking Spider (Ragnar Locker)
  • Wizard Spider (Ryuk and Conti)
  • The Lockbit Gang (Lockbit)

Some of the notable ties between these gangs, demonstrating the cartel-like interactions include:

  • Sharing of victim data & leak sites – in some cases, one gang steals the data and then uses another gang to perform the extortion and publishing
  • Sharing of infrastructure – multiple gangs have used identical IP addresses for C2 servers
  • Adopting each other’s tactics – an example is them all adopting the use of virtual machines in the victim environment (something originally mastered by Viking Spider)
  • They all have claimed affiliation to the cartel

This cartel demonstrates what’s coming next; more sharing between gangs and I would assume some sort of “anti-threat intelligence” about security solutions.

The only light at the end of the tunnel is the need by these gangs to have your users interact and engage with phishing emails – something a solid education using Security Awareness Training will counteract and, therefore, stop attacks before they can do damage.

Topics: Ransomware

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.