Police hit the Lockbit hacker gang hard, hacking into the cybercriminals’ platform and then posting members’ names. However, the RansomHub group has already established itself as the collective to watch for the coming years.
2024 will be the year the police dealt a heavy blow to the Lockbit hacker group. The much-feared pirate gang has been sowing chaos for more than four years, hitting hospitals and multinationals in turn. By attacking the cybercriminals’ platform, closing their accounts and revealing the names of its members, European police have seriously damaged the image of this organization.
But, just like a merchant who changes his window, pirates often disappear behind a new storefront, ready to start their activities again under another name.
The RansomHub group, which emerged earlier this year, quickly gained momentum, surpassing its criminal competitors. The collective has named and shamed hundreds of organizations on its site, accessible on the darknet.
Among the notable victims, we can note the comic strip city of Angoulême, the Japanese giant Kawasaki, Bologna professional football club and the auction company Christie’s.
A gang that attracts cybercriminals looking for work
According to cybersecurity experts, this collective quickly recruited idle Lockbit affiliates. Concretely, the Lockbit malware was supervised by a team and rented to associated hackers, like renting Photoshop. The hackers are responsible for attacking the targets, and if the latter ends up paying a ransom, the managers will receive a commission on the winnings. With Lockbit infiltrated by the police, cybercriminals have turned to this lucrative alternative.
The other big “challenger” of the cybercriminal world, ALPHV/BlackCat, disappeared in 2024 after lying to its partners, making them believe that they were arrested by the police. A boon for RansomHub which was once again able to attract aggrieved associates.
In the half-yearly report from ESET, a company specializing in IT security, Jakub Souček, cyber threat researcher, notes “ that by 2024, RansomHub has established itself as the leading ransomware group on the market, replacing the disrupted Lockbit service. We expect RansomHub to maintain this position well into 2025 ».
However, he adds that this “ commercial model‘ operates in a very competitive environment, where gangs do not hesitate to innovate and modify their affiliate programs to attract more partners and increase their profitability. »
The analysts of ZeroFox have also tracked RansomHub’s rise this year, reporting that the group accounted for about 2% of all attacks in the first quarter, 5.1% in the second, 14.2% in the third, and about 20% in the fourth. The logical trajectory would be for RansomHub to continue to grow, sadly, into 2025.
Source: www.numerama.com
