Alexander Martin reports:
Veteran cybercriminals involved in ransomware attacks are increasingly shying away from large ransomware-as-a-service (RaaS) platforms following a spate of law enforcement disruption operations, as well as the AlphV/BlackCat gang’s high-profile exit scam, according to officials and industry experts.
Organized online crime groups are attempting to reduce their dependence on RaaS services by developing their own variants of the malicious software, building on leaked tools to carry out attacks independently rather than as affiliates of an existing group, said a Europol threat assessment published Monday.
Experts caution that the ongoing fragmentation may not result in a decrease in ransomware or extortion incidents.
Read more at The Record.
From Europol’s report:
Continued takedowns of cybercriminal forums and marketplaces shortened the lifecycle of criminal sites, as the site administrators try to avoid drawing law enforcement (LE) attention. This uncertainty, combined with a surge in exit scams, have contributed to the continued fragmentation of criminal marketplaces. Cybercriminals’ abuse of legitimate end-to-end encryption (E2EE) messaging applications also increased throughout 20231.
Regulatory frameworks aimed at strengthening digital systems and making the user experience more secure are being adapted, but the human factor still remains the weakest link in most cyber defence scenarios. Multi-layered extortion models are increasingly common throughout the entire spectrum of cybercrime threats. Law enforcement actions have prompted ransomware groups to disband and reorganise, making it harder to distinguish between ransomware brands and the threat actors behind the operations.