CSO reports:
Three of the most notorious ransomware-as-a-service operations have formed a criminal cartel aimed at coordinating attacks and sharing resources in what they describe as an increasingly “challenging” ransomware business environment.
DragonForce, Qilin, and LockBit announced the partnership in early September, with DragonForce proposing the collaboration shortly after LockBit reemerged with its LockBit 5.0 ransomware variant, according to a ReliaQuest report.
“Create equal competition conditions, no conflicts and no public insults,” DragonForce wrote in a post on dark web forums, translated from Russian. “ This way we can all increase our income and dictate market conditions. Call it whatever you like – coalition, cartel, etc. The main thing is to stay in touch, be friendly to each other, and be strong allies, not enemies.”
LockBit responded: “I completely agree with you. I don’t wish you anything bad. As people are to me, so I am to people,” according to communications reviewed by cybersecurity firm ReliaQuest.
DragonForce subsequently announced the coalition and invited other ransomware operators to join. “The coalition between Qilin, LockBit, and DragonForce is uniting our efforts as we collaboratively develop our direction,” ReliaQuest said in a report, showing a screengrab from DragonForce’s post.
Read more at CSO.
Update: Maybe calling this a coalition was a bit of an overstatement or premature. Read responses to ReliaQuest’s report by ZeroFox and SuspectFile.
