Calling all of the groups ‘lower-tier’ may have been inaccurate. Please be sure to read the update at the bottom of this post.
We’ve seen a few announcements this year heralding cartels or alliances in the ransomware ecosystem. Two such announcements involved DragonForce, but as SuspectFile reported, there was no evidence of a cartel, and at least one of the named groups flat-out denied joining one.
Today, there’s another alliance announcement. The Stormous group announced:
Important Announcement Regarding Our Operations
In our fifth edition (V5), we are announcing a strategic alliance that unites six RaaS groups, including their extended networks, affiliated personnel, malware toolkits, and operational infrastructure. This collaboration is designed to create a robust and scalable cyber network, with the primary goal of expanding attack surfaces, enhancing lateral movement capabilities, and optimizing the efficiency of ransomware campaigns.
Groups:
- Nova Ransomware
- DevMan Ransomware
- CoinBase Cartel
- RADAR Ransomware
- Desolator Ransomware
- Kryptos Ransomware
Firstly, that would be uniting seven groups, not six (Stormous may have forgotten to count themselves). But do these groups even know that they have formed a cartel or an alliance? A check of five of the six other entities’ sites uncovered no statement on any of them about any new alliance or cartel. One of the six sites was not online and could not be checked.
So they formed an alliance but none of the allies have announced it other than Stormous? We will see in the days to come whether any of the other named entities confirm,
“Paging SuspectFile to Aisle 4 for verification.”
Update: DataBreaches was contacted by a spokesperson for Devman. They were unhappy with the characterization of their group as “low-tier,” which was somewhat subjective since DataBreaches did not have actual income reports for all of the groups. As they describe themselves, in terms of money earney/income, they consider themselves medium-tier. DataBreaches took the opportunity to ask whether they agreed with what Stormous claimed about an alliance being formed. They agreed, and described it as an alliance, and not any “cartel.” When DataBreaches asked how they would benefit from the alliance, they responded, “Good to have friends.”
Stormous made poor choices to create the current environment. Allegations were made in haste , likely the result of myopic scapegoating, a forthcoming inquiry will show.