Affiliates of disrupted ransomware gangs sought by other operations

Cybersecurity Dive reports that the Qilin and DragonForce ransomware gangs have been scrambling for affiliates of the recently dismantled RansomHub ransomware-as-a-service operation, just as other minor ransomware groups are venturing into independent activities.

Numerous RansomHub affiliates have been attracted by Qilin's updated attack toolkit, which has been integrated with advanced distributed denial-of-service and negotiation capabilities, before RansomHub's takedown in April, an analysis from Check Point Software Technologies showed. Attacks of Qilin were then observed to increase by almost twofold during the second quarter. On the other hand, DragonForce had alleged RansomHub's transition to its platform, resulting in a significant jump in victimization in April and June. "Established players are actively competing to recruit these 'orphaned' affiliates," said the report. Additional findings revealed that the U.S. has remained the most targeted country during the second quarter. However, other ransomware gangs were observed to disproportionately target other countries.