Old hackers, new platforms

This threat assessment focuses on ransomware attackers. Parts of the ransomware community have come under pressure forcing cyber criminal ransomware gangs to reorganize their business.

Criminal hackers offering Ransomware-as-a-Service (RaaS) are reorganizing their business following the May 2021 ransomware attack on the US oil company Colonial Pipeline.

 

Several RaaS operators have either permanently or temporarily closed down their platforms, and several top-tier dark-web forums have banned recruitment operations from their platforms. As a result, the number of RaaS attacks decreased for a short period of time over the summer of 2021. However, other RaaS operators have since been quick to take over.

 

It is likely that some of these seasoned cyber criminals have not ceased their malicious activities but merely switched over to new platforms, causing the number of RaaS attacks to reach the same levels as seen before the Colonial Pipeline attack.

 

Consequently, the fact that parts of the supply chain can be replaced without seriously disrupting or hampering criminal activities is a testament to the robustness of the supply chain in criminal networks.

  • Author

    Centre for Cybersecurity

  • Release Date

    October 28, 2021

Download publication

Related

Storebæltsbroen i Danmark (FOTO: Shutterstock)

The Cyber Threat Against Denmark

The national cyber threat assessment from CFCS.

Skruetvinge. FOTO: Shutterstock

Double extortion

Ransomware actors threatening to leak data.

Hackere, FOTO: SeventyFour/Shutterstock

Organised Cyber Criminals

Threat assessment of the collaboration between cyber criminals.