December 13, 2023 at 01:25PM
LockBit ransomware operation is recruiting affiliates and developers from the recently disrupted BlackCat/ALPHV and NoEscape operations. NoEscape’s exit scam has raised concerns of lost ransom payments and decryption keys for victims, while BlackCat/ALPHV suffered a disruption possibly related to law enforcement. LockBitSupp, LockBit’s manager, seeks to recruit affiliates and a coder from these operations, potentially attracting victims as well.
Based on the meeting notes, here are the key takeaways:
1. The LockBit ransomware operation is actively recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams within these operations.
2. Both the NoEscape and the BlackCat/ALPHV ransomware operations’ Tor websites became inaccessible last week, with claims of an exit scam and millions of dollars in ransom payments stolen.
3. NoEscape is believed to be a rebrand of the Avaddon ransomware operation, which shut down in June 2021 and released their decryption keys to BleepingComputer. There is hope for the release of the decryption keys for NoEscape’s victims following the shutdown.
4. The BlackCat/ALPHV ransomware operation also experienced a 5-day disruption, with reports of a law enforcement operation possibly related to the outage.
5. LockBitSupp, the manager of the LockBit operation, has started recruiting affiliates from the BlackCat and NoEscape ransomware operations and is attempting to recruit the coder for the ALPHV encryptor.
6. It is speculated that the affiliates from the BlackMatter ransomware operation may have transitioned to LockBit after BlackMatter’s shutdown in November 2021.
These takeaways provide a clear understanding of the recent developments in the ransomware landscape and the potential impact on the affiliations and operations of these ransomware groups.