Old hackers, new platforms
This threat assessment focuses on ransomware attackers. Parts of the ransomware community have come under pressure forcing cyber criminal ransomware gangs to reorganize their business.
Criminal hackers offering Ransomware-as-a-Service (RaaS) are reorganizing their business following the May 2021 ransomware attack on the US oil company Colonial Pipeline.
Several RaaS operators have either permanently or temporarily closed down their platforms, and several top-tier dark-web forums have banned recruitment operations from their platforms. As a result, the number of RaaS attacks decreased for a short period of time over the summer of 2021. However, other RaaS operators have since been quick to take over.
It is likely that some of these seasoned cyber criminals have not ceased their malicious activities but merely switched over to new platforms, causing the number of RaaS attacks to reach the same levels as seen before the Colonial Pipeline attack.
Consequently, the fact that parts of the supply chain can be replaced without seriously disrupting or hampering criminal activities is a testament to the robustness of the supply chain in criminal networks.
Centre for Cybersecurity
October 28, 2021