A screen image of the ransom by the LockBit ransomware group. (Image provided by Recorded Future)

Researchers from Intel 471 on Thursday reported that ransomware groups are increasingly being affected by disgruntled affiliates, a trend that may cause serious issues for both law enforcement agencies and security teams.

Beth Allen, senior threat intelligence analyst at Intel 471, said a case in point was this past quarter, when LockBit files containing builder code were leaked by a disgruntled coder, an action she said demonstrates that even well-established affiliate groups can struggle with operational security.

“This trend is likely to continue in the future as more affiliates become disgruntled,” Allen said. “It will likely create a power vacuum within the cyber underground, spawning an overabundance of new ransomware variants and groups, making it more difficult for law enforcement agencies to track and thwart them, and businesses to defend against them, due to alternate tactics, techniques and procedures (TTPs) used.”
Allen added that ransomware groups are almost certain to continue evolving and adapting their TTPs, along with using well-established ones, such as double extortion tactics. “The end goal of any ransomware group is to make as much money as possible in the shortest amount of time, while inflicting as much disruption as possible to achieve this,” Allen said.

While Intel 471 observed 455 ransomware attacks in Q3 of this year, a decrease of 72 attacks from Q2, Allen pointed out that overall, the number of businesses impacted by ransomware will likely increase because it’s seen as a highly lucrative business model.

“So with economic instability being predicted globally, individuals will possibly turn to criminal means conducted from the comfort of their own home as a way to supplement their income,” Allen said.

Mike Parkin, senior technical engineer at Vulcan Cyber, added that while an apparent reduction in ransomware attacks is welcome, it doesn’t mean we’re “winning the war” against these cybercriminal gangs. Parkin said the frequency of these attacks ebbs and flows based on everything from law enforcement activity to what exploits are effective to internal politics within, or between, the gangs.

“It’s entirely possible that the advantage currently lies with the defense, at least for now, however, it’s not something we can count on,” Parkin explained. “It’s impossible to predict when the next wave of cybercrime will come rolling in, but we know that it will.”