Cybersecurity » Ransomware Gangs Running Their Own Arbitration Forums

Ransomware Gangs Running Their Own Arbitration Forums

Two people at a table negotiating over money

October 19, 2021

After staging highly successful attacks earlier this year, first on a big meat supplier and then on software company Kaseya, ransomware gang REvil practically became a household name. Then, following a meeting between Presidents Biden and  Putin, it went dark. No direct connection was acknowledged, but it’s widely assumed there was one. In any case REvils’s disappearance, which proved to be temporary, created problems for hacker groups that had been leasing its ransomware tools, and to address those problems they did what a lot of big enterprises do. They took them to arbitration.

Early versions of these forums are said to have echoed mafia terminology, with words like “family” and “capo.” The lingo has disappeared but the basic idea persists. As one security analyst puts it: “To have order, you must make order in your own house, so of course the forum is very well managed.” Moderators investigate, conclude, and then may mete out punishment, which could range from restitution to a ban.

A serious downside for participants is that these arbitrations can’t be completely hidden and they are a trove of information for investigators.  “You don’t have to worry about getting a search warrant, or going on to a server in another country to get a forensic image,” says one analyst. Scammers are said to participate anyway because because there’s a lot of money at stake, many are from poorer countries, and because in many cases they’re desperate.

Read full article at:

Share this post: