"We LAPSUS$, Trihash, Yurosh, yaxsh, WyTroZz, N3z0x, Nitroz, TOXIQUEROOT, Prosox, Pertinax, Kurosh, Clown, IntelBroker, Scattered Spider, Yukari, and among many others, have decided to go dark."
"Scattered Spider has been involved in several breaches that made headlines, particularly in the retail sector earlier this summer, in which they claimed responsibility for attacks on Victoria's Secret, Harrods and more. The group switched targets to the insurance sector as well as the transportation and airlines industry later in the summer. After involvement in many major breaches, Scattered Spider joining a collection of other allegedly retiring ransomware groups may seem strange - but many cyber experts believe this is not a true retirement announcement at all."
"When ransomware groups like Scattered Spider or Lapsus$ announce they're 'going dark,' it should be taken with a massive grain of salt. It's like a shoplifter saying they promise they won't shoplift anymore. It could happen, but it's very unlikely. These groups rarely just disappear; more often they rebrand, tweak their internal structure, or shift their tactics and techniques. At the end of the day, walking away from a business model that generates millions, even if it's illegal, isn't something most of them are likely to do."
At least 15 ransomware groups declared they were 'going dark,' listing names including LAPSUS$, Trihash, Scattered Spider, and others. Scattered Spider previously claimed high-profile retail breaches (Victoria's Secret, Harrods) and later targeted insurance, transportation, and airlines. Retirement announcements from criminal groups commonly precede rebranding, internal restructuring, or changes in tactics rather than permanent shutdown. The ransomware ecosystem generates substantial illicit revenue, creating strong incentives to resume operations under new identities or methods. Groups frequently form and dissolve to reduce attention on a single identifiable collective while continuing criminal activity in different configurations.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]