Double extortion possible: cyber criminals in a clinch

A dispute has broken out between two rival criminal ransomware groups. Cyber experts warn that companies could be blackmailed twice.

By Andreas Knobloch

A turf war between two criminal ransomware groups could lead to more cyberattacks and greater damage for affected companies. This was reported on Monday by the British daily newspaper Financial Times with reference to cyber security experts who are following the disputes in the growing criminal ransomware sector.

According to the report, DragonForce, a group of predominantly Russian-speaking cybercriminals, and one of its biggest competitors, RansomHub, have clashed. Security experts warn that the conflict "could increase the risks for companies, including the danger of being blackmailed twice", writes the Financial Times.

The DragonForce group first appeared in August 2023. According to cybersecurity firm Group-IB, it recorded a total of 82 victims on its dark web site in the following twelve months. RansomHub also became known in 2023. This group is held responsible for some spectacular cyberattacks, such as those on the US company Halliburton, one of the world's largest oil and gas service providers, on the renowned British auction house Christie's, or on the non-profit organization Planned Parenthood, which offers medical abortion services, among other things.

Now DragonForce and RansomHub appear to have come into conflict with each other. "Most cybercrime groups have a deep-rooted need for glory and superiority, which could lead them to try to outdo each other by attempting to attack and extort the same target," the Financial Times quotes Toby Lewis, global head of threat intelligence at UK cybersecurity firm Darktrace, as saying. According to the paper, groups like these two sell the tools and infrastructure needed to access companies' internal systems and blackmail them for money. They operate primarily on the dark web. Their customers are so-called "affiliates" such as Scattered Spider, i.e. groups that want to commit cyberattacks.

The relationship between DragonForce and RansomHub has deteriorated, the Financial Times added, after DragonForce rebranded itself as a "cartel" in March and expanded its range of "services" and reach to attract more affiliate partners.

Experts at Sophos, a British security software vendor, suspect that DragonForce may have "hacked" RansomHub's website. In retaliation, a member of RansomHub penetrated DragonForce's website and called the group "traitors". Like Lewis, Rafe Pilling, Director of Threat Intelligence at Sophos, believes that the conflict between the two cybercrime gangs could, in a worst-case scenario, lead to both attacking the same victims in a battle for business. Cyber criminals are a ruthless gang, says Pilling. "A betrayal between partners can lead to the victim being blackmailed twice."

(akn)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.