Several of the largest ransomware cybercrime gangs in Russia have partnered to share hacking techniques, confidential data breach information and malware code.
Four groups, “Wizard Spider”, “Twisted Spider”, “Viking Spider” and “LockBit”, announced the formation of this alliance, according to a report by the American network CBS News.
These groups are also linked to the larger ransomware criminal ecosystem, said Jon DiMaggio, chief security strategist at Analyst1, which analyzes information related to network security.
He added that they exert influence over smaller gangs and license their tools to their affiliates, noting that these groups do not appear to share profits from criminal activity.
“They are not a cartel in the traditional sense, like the oil company cartels that control crude oil supplies, but they have a technological infrastructure, and some are big enough to have their own ransom code,” he added.
In addition, DiMaggio explained that the “Viking Spider” and “LockBit” groups upload stolen information to a data breach site hosted and controlled by the “Twisted Spider” group.
He warned that the new group of gangs could be even more powerful, due to their connections to other threat actors in the cybercriminal ecosystem.
The strategist’s research links the new group to three additional gangs, including “EvilCorp,” a veteran hacking group led by Russian network expert Maxim Yakubets, which has targeted remote workers during the pandemic.
The network’s report stated that this information is used in “name-and-shame” site attacks, which use ransomware to extort victims.
According to DiMaggio, some ransomware gangs are so sophisticated that they have means to handle disputes among themselves.
He also noted that these tools are part of what makes these groups so successful, as they enable them to quickly resolve financial disputes and then get back to work.
The report indicated that groups that engage in hacking frequently cooperate, disband, shut down and regroup, noting that several groups announced cooperation in July 2020, then dissolved in November.
It is noteworthy that US President Joe Biden said on July 4 that the US government’s “principal belief” is that Russian hackers were not involved in a ransomware attack on hundreds of American and Swedish institutions.
Biden’s statements came after the American company “Kaseya”, which provides many companies with an information technology management service, was subjected to a cyber attack that included ransom demands made to a number of its customers.
It is noteworthy that this type of program exploits security vulnerabilities in the systems of companies or individuals, encrypts those systems and demands a ransom to restore them.