"LockBit Ransomware Now Poaching BlackCat, NoEscape Affiliates"

The LockBit ransomware operation is now starting to recruit affiliates and developers from the BlackCat/ALPHV and NoEscape ransomware gangs after recent disruptions and exit scams.  Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly became inaccessible without warning.  According to affiliates associated with NoEscape, the ransomware operators pulled an exit scam, stealing millions of dollars in ransom payments and shutting off the operation's web panels and data leak sites.  NoEscape is believed to be a rebrand of the Avaddon ransomware operation.  The BlackCat/ALPHV ransomware operation also suffered a 5-day disruption last week, with all their infrastructure going offline, including their data leak and negotiation sites.  On Monday, the ALPHV data leak site returned with all data removed.  While some negotiation URLs are working, many are not, effectively halting negotiations for those victims.  Security researchers noted that it is too soon to tell whether affiliates and penetration testers have lost trust in BlackCat or NoEscape and are moving to other operations.  However, it would not be surprising if we soon see another rebrand.

 

BleepingComputer reports: "LockBit Ransomware Now Poaching BlackCat, NoEscape Affiliates"

Submitted by Adam Ekwall on