Scattered Spider [1] [2] [3], a cybercrime group previously associated with ALPHV/BlackCat, has recently joined RansomHub [1], a ransomware-as-a-service (RaaS) operator [3].

Description

Following the disbandment of ALPHV/BlackCat after receiving a ransom payment from Change Healthcare [1] [3], Scattered Spider has shifted its focus to conducting ransomware operations with RansomHub. The collapse of BlackCat and LockBit has paved the way for a new RaaS model [1] [3], with groups like RansomHub vying for affiliates [3]. Scattered Spider [1] [2] [3], known for targeting organizations such as MGM International and Caesars Entertainment, has now turned its attention to UnitedHealth Group with a second extortion demand, threatening to release stolen data [1] [3]. RansomHub’s recruitment drive offers affiliates attractive ransom splits and prompt payouts, drawing in cybercriminals looking to avoid exit scams. With over 75 victims claimed since February, RansomHub is experiencing rapid growth, and the addition of skilled affiliates like Scattered Spider is expected to further expand its operations, potentially making it a more enticing option for cybercriminals.

Conclusion

The collaboration between Scattered Spider and RansomHub underscores the evolving landscape of cybercrime, with ransomware attacks becoming increasingly sophisticated and lucrative. Organizations must remain vigilant and implement robust cybersecurity measures to protect against such threats. The rise of RaaS operators like RansomHub highlights the need for enhanced cybersecurity strategies and international cooperation to combat cybercriminal activities effectively.

References

[1] https://www.infosecurity-magazine.com/news/scattered-spider-affiliated/
[2] https://www.darkreading.com/threat-intelligence/ransomhub-brings-scattered-spider-into-its-raas-fold
[3] https://islainformatica.com/scattered-spider-ahora-esta-afiliado-a-ransomhub-tras-la-salida-de-blackcat/