GuidePoint Security has revealed that it has discovered three RaaS groups attempting to recruit new members through advertisements on illicit forums on the dark web following Alphv and LockBit law enforcement disruptions, identifying Cloak on UFO Labs and Medusa and RansomHub on the Russian-language RAMP forum for posting ads.
Each ad had a boilerplate with a short group description, ransom split rates, and contact for TOX. Cloak’s ad was the least remarkable, with few unique features that entice a potential affiliate with options. Medusa was particularly appealing with a sliding payout scale and affiliate/core split dependent on the size of the ransom payment obtained, incentivizing the appearance of high ransom demands. RansomHub was less materialistic, implicitly addressing the crisis of confidence in RaaS groups by declaring that its affiliates could collect ransom payments directly before paying the core group a 10% fee.
GuidePoint Security’s analysis observations include signs of distrust and discontent among RaaS groups and affiliates, indicating that the model is increasingly scrutinized.
You can read the report here.
Like this:
Like Loading...
Related
This entry was posted on March 20, 2024 at 9:00 am and is filed under Commentary with tags GuidePoint. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
GuidePoint Security Details RaaS Recruitment Efforts Following Law Enforcement Disruption Of Other RaaS Groups
GuidePoint Security has revealed that it has discovered three RaaS groups attempting to recruit new members through advertisements on illicit forums on the dark web following Alphv and LockBit law enforcement disruptions, identifying Cloak on UFO Labs and Medusa and RansomHub on the Russian-language RAMP forum for posting ads.
Each ad had a boilerplate with a short group description, ransom split rates, and contact for TOX. Cloak’s ad was the least remarkable, with few unique features that entice a potential affiliate with options. Medusa was particularly appealing with a sliding payout scale and affiliate/core split dependent on the size of the ransom payment obtained, incentivizing the appearance of high ransom demands. RansomHub was less materialistic, implicitly addressing the crisis of confidence in RaaS groups by declaring that its affiliates could collect ransom payments directly before paying the core group a 10% fee.
GuidePoint Security’s analysis observations include signs of distrust and discontent among RaaS groups and affiliates, indicating that the model is increasingly scrutinized.
You can read the report here.
Share this:
Like this:
Related
This entry was posted on March 20, 2024 at 9:00 am and is filed under Commentary with tags GuidePoint. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.