June 12, 2024 at 06:04AM
Last spring, BlackCat/AlphV’s ransomware implosion left affiliates without money and infrastructure. RansomHub recruited the Scattered Spider threat group with promising ads on the Dark Web, offering attractive ransom splits and payment terms to avoid exit scams. This has resulted in rapid growth for RansomHub, with a prediction for continued expansion.
Based on the meeting notes, it appears that the Ransomware-as-a-Service (RaaS) landscape has seen significant changes following the collapse of BlackCat/AlphV. One notable development is the RansomHub group’s successful recruitment of the Scattered Spider threat group, known for high-profile ransomware attacks on Caesars Entertainment and MGM Resorts in 2023.
The success of RansomHub’s recruiting campaign is evidenced by the lucrative offers and promises made to attract affiliates, such as favorable ransom splits and assurances to avoid exit scams. GuidePoint Security’s research highlights RansomHub’s rapid growth and the public disclosure of numerous victims, signaling its emergence as a prominent player in the RaaS arena. This growth is attributed to the group’s ability to attract skilled cybercriminals and generate revenue, making it an appealing option for potential affiliates. As a result, RansomHub is poised to further expand its operation and strengthen its position within the RaaS community.