AlphV/BlackCat allegedly calls for ransomware gang ‘cartel’ to stand up to police

Share post:

Seemingly stunned by this week’s action by law enforcement agencies in several countries,  members of two ransomware groups allegedly talked about forming a partnership.

Security researchers on Twitter/X posted an online conversation that appears to be between a member of the AlphV/BlackCat ransomware group, whose sites were taken down, and a member of the LockBit ransomware gang.

“LockBit is right, we should all join a cartel or they will hunt us all down one by one,” an alleged AlphV/BlackCat gang member said.

In a commentary, Keegan Keplinger, senior security researcher with eSentire’s Threat Response Unit, noted that “as of December 21, AlphV still has a blog site up and running, and they posted a new victim as recently as December 20, alongside several other recent victims, who had appeared previously on their main data leak site.

“Whether or not the AlphV ransomware group rebrands to a new ransomware or not, it’s likely they’ll maintain most of their affiliate relationships to some degree. Because they face disruption efforts, some affiliates may be cautious not to invest time and energy into operations that may be disrupted or sanctioned from ransomware payments.  However, if AlphV rebrands, they get to reset their heat meter with law enforcement while maintaining much of the relationships and reputation they’ve developed in the cybercrime market.

One of the AlphV/BlackCat gang’s most loyal and longtime affiliates is the Gootloader cybercrime group, Keplinger noted. The Gootloader operators, like the leaders of the AlphV/BlackCat, are Russian-speaking, and they have been running sophisticated, meticulously-planned attack campaigns, non-stop, for the past three and a half years.

Gootloader is a browser-based threat delivered through search engine optimization (SEO) poisoning. The gang has hijacked thousands of vulnerable WordPress blogs and injected them with malicious content, linked to no fewer than 3.5 million search terms, many of which are legal terms. As a result, a lawyer or paralegal who searches the Web for specific content, such as a type of legal agreement, may find the top search result leads to a Gootloader-infected file. The Gootloader operation infects about 30 computers a day on average, eSentire said.

The assault on AlphV/BlackCat raises the question of how the operators of Gootloader will respond, Keplinger said. It might drop AlphV/BlackCat in favour of another ransomware strain, such as LockBit or Clop (Cl0p), he said.

This year, the FBI took down the Hive ransomware gang and arrested the alleged head of BreachForums. The alleged operators behind DoppelPaymer ransomware gang were arrested. And the suspected developer of the Ragnar Locker ransomware gang was nabbed in Paris.

The post AlphV/BlackCat allegedly calls for ransomware gang ‘cartel’ to stand up to police first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, March 1, 2024

This episode features a discussion on how hard it is to kill a ransomware gang, Canada's proposed new online harms bill, why organizations still allow staff to use vulnerable software

Healthcare sector “stretched thin” in fight against cyber attacks warns CSO of Health-ISAC

In an interview Errol Weiss talks about the challenges facing hospitals a

Cyber Security Today, March 1, 2024 – Warnings to GitHub users and Ivanti gateway administrators, and more

This episode reports on a recommendation that enterprises drop Ivanti Policy Secure and Connect Secure devices because threat actors can get around mitigations for recent vulne

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways