Hacker 'Turf War' Unfolding as Russian DragonForce Ransomware Gang Drama Could Lead to 'Double Extortions'

Ransomware has become a powerful tool for cybercriminals to extort money from organizations that haven't implemented proper security and backup protocols. The dark web is a primary hub for this illicit activity, where hackers sell their services to attract more affiliate partners.

This year, several "gangs" have emerged as prominent players in the ransomware world, with Russia being a hotbed of cybercrime activity. One such group, DragonForce, has been involved in high-profile attacks and is now embroiled in a turf war with its rival, RansomHub.

RansomHub expanded its services and reach to attract more affiliate partners, which has raised concerns among experts that it will lead to "double extortions" – a situation where two groups demand payment from the same organization. This can make it even harder for ransomware victims to recover from an incident, especially if they're unable to afford paying multiple cybercriminals.

Genevieve Stark, head of cybercrime analysis at Google Threat Intelligence Group, expressed concerns about the implications of this turf war on ransomware and data theft extortion victims. However, it's worth noting that the instability within the extortion ecosystem is not new and has been present regardless of whether two groups are engaging in a virtual scuffle over their illicit dealings.

Historically, disputes between ransomware gangs have led to in-fighting rather than worse outcomes for potential victims. For example, DragonForce took down RansomHub's dark web site, while the Conti ransomware group imploded due to internal conflicts after Russia invaded Ukraine in 2022.

A recent case that highlights the double extortion phenomenon is the UnitedHealth Group incident. A ransomware affiliate called Notchy turned to RansomHub to continue extorting UHG subsidiary Change Healthcare even after it paid a $22 million ransom, which was reportedly stolen by BlackCat / ALPHV as part of an exit scam.

Organizations have been caught up in thief-on-thief drama before. To avoid getting entangled in these conflicts, some organizations have refused to pay ransoms, like Welthungerhilfe, a German nonprofit that has stood firm against extortion demands.

In light of this developing situation, it's essential for organizations to be cautious and refuse to give in to the demands of cybercriminals. By not paying ransoms, they can put an end to the turf war and prevent further exploitation. Let's hope that organizations respond in a similar manner to Welthungerhilfe, thereby limiting the damage caused by DragonForce and RansomHub's conflict.


Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry. You can follow him on social media or reach out to him with any questions or comments.