Four ransomware gangs working together in what they call a “cartel” is more of a dangerous partnership, according to a Virginia-based threat intelligence firm.
In a report released Wednesday, Analyst1 noted that while each gang dubbed Twisted Spider, Viking Spider, Wizard Spiker and Lockbit claim they’re in a cartel, they don’t share profits.
They can more accurately be described as “a collective of criminal gangs who, at times, work together in ransom operations,” the report noted, adding this actually makes them “far more dangerous” than if they were operating independently because they still share tactics and resources.
As possible proof of the partnership’s strength, the report notes that the criminal cartel says it emerged in June 2020 by someone claiming to represent Twisted Spider. Five months later, Twisted Spider announced they were shutting down their operations and claimed the cartel never existed. In February of this year, a multinational law enfo
One cybercrime gang extorted $75m from targets, study says
By Jamie Tarabay Bloomberg,Updated April 7, 2021, 5:45 p.m.
Email to a Friend
Cybercriminals often operate out of Russia, a study author noted, and are careful not to target Russians or Russian speakers.Sean Gallup/Getty
One gang of cybercriminals extorted at least $75 million from private sector companies, local governments, and hospitals, a former NSA contractor concluded in a months-long study released Wednesday, an alarming sign of the potential financial rewards for online attacks.
Jon DiMaggio, the chief security strategist at Virginia-based Analyst1, estimated the group known as Twisted Spider used the Egregor ransomware to extract at least that amount from his targets, according to publicly acknowledged ransom payments. He believes the real number is much higher, because âmany victims never publicly report when they pay a ransomâ and the âbad guys donât post their stuff online.â
DiMaggio’s study is a broad examination of attacks in recent months, examining the goals, practices and payoffs of what he calls the world’s first ransom cartel’. AFP Relaxnews
One gang of cybercriminals extorted at least US$75mil (RM309.86mil) from private sector companies, local governments and hospitals, a former NSA contractor concluded in a months-long study released on April 7, an alarming sign of the potential financial rewards for online attacks.
Jon DiMaggio, the chief security strategist at Virginia-based Analyst1, estimated the group known as Twisted Spider used the Egregor ransomware to extract at least that amount from his targets, according to publicly acknowledged ransom payments. He believes the real number is much higher, because “many victims never publicly report when they pay a ransom” and the “bad guys don’t post their stuff online”.
“Currency generation operations will therefore likely increase over the next year to compensate for the economic downturn and serve as a lifeline for the country. Moreover, DPRK adversaries may increase economic espionage operations specifically focused against the agricultural sector in an attempt to steal technology that could ameliorate some of the effects of an impending food shortage,” the report said.
“CrowdStrike Intelligence assesses that entities involved with the research, production or distribution of COVID-19 therapeutics will be at a high risk of North Korean targeted intrusions until a vaccine is widely available in North Korea.”
The report also found that 18 ransomware families infected 104 health care organizations in 2020, with the most prolific being Twisted Spider using Maze and Wizard Spider using Conti.