{"id":293959,"date":"2021-07-08T17:44:25","date_gmt":"2021-07-08T14:44:25","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/the-top-5-online-crime-gangs-running-ransomware\/"},"modified":"2021-07-08T17:44:25","modified_gmt":"2021-07-08T14:44:25","slug":"the-top-5-online-crime-gangs-running-ransomware","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/the-top-5-online-crime-gangs-running-ransomware\/","title":{"rendered":"#The top 5 online crime gangs running ransomware"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a26b5033fab9\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a26b5033fab9\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-5-online-crime-gangs-running-ransomware\/#DarkSide\" >DarkSide<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-5-online-crime-gangs-running-ransomware\/#REvil\" >REvil<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-5-online-crime-gangs-running-ransomware\/#Clop\" >Clop<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-5-online-crime-gangs-running-ransomware\/#Syrian_Electronic_Army\" >Syrian Electronic Army<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-5-online-crime-gangs-running-ransomware\/#FIN7\" >FIN7<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/the-top-5-online-crime-gangs-running-ransomware\/#Organized_crime_vs_organized_criminals\" >Organized crime vs organized criminals<\/a><\/li><\/ul><\/nav><\/div>\n<p>&#8220;<strong>#The top 5 online crime gangs running ransomware<\/strong>&#8221;<\/p>\n<div><em>On the internet, nobody knows you\u2019re a dog!<\/em><\/p>\n<p>These words from Peter Steiner\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/blogs\/comic-riffs\/post\/nobody-knows-youre-a-dog-as-iconic-internet-cartoon-turns-20-creator-peter-steiner-knows-the-joke-rings-as-relevant-as-ever\/2013\/07\/31\/73372600-f98d-11e2-8e84-c56731a202fb_blog.html\">famous cartoon<\/a> could easily be <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lied to the recent <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.nzherald.co.nz\/nz\/worldwide-ransomware-attack-st-peters-college-and-10-other-schools-hit-by-us-cyber-attack\/JACHAD3OPGUOF7ZIF4PJXDPICA\/\">ransomware attack<\/a> on Florida-based software supplier Kaseya.<\/p>\n<p>Kaseya provides software services to thousands of clients around the world. It\u2019s estimated between <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.itnews.com.au\/news\/kaseya-boss-says-up-to-1500-businesses-affected-by-ransomware-attack-566942\">800 and 1,500 medium to small businesses<\/a> may be impacted by the attack, with the hackers demanding US$50 million\u00a0(<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thewest.com.au\/news\/crime\/ransomware-hackers-lower-demand-to-us50m-c-3320330\">lower than the previously reported US$70 million<\/a>) in exchange for restoring access to data being held for ransom.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Hackers behind this attack, REvil <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/ransomware?src=hash&amp;ref_src=twsrc%5Etfw\">#ransomware<\/a>-as-a-service (RaaS) group, swiftly lowered the asking price to $50 million, suggesting a willingness to negotiate their demands in return for a lesser amount.<\/p>\n<p>\u2014 The Hacker <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> (@TheHackersNews) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/TheHackersNews\/status\/1412336467490209796?ref_src=twsrc%5Etfw\">July 6, 2021<\/a><\/p>\n<\/blockquote>\n<p>The global ransomware attack has been <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cbsnews.com\/news\/kaseya-atttack-biggest-known-ransomware\/\">labeled<\/a> the biggest on record. Russian cybercriminal organization REvil is the alleged culprit.<\/p>\n<p>Despite its notoriety, nobody really knows what REvil is, what it\u2019s capable of, or why it does what it does \u2014 apart from the im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>te benefit of huge sums of money. Also, ransomware attacks often involve vast distributed networks, so it\u2019s not even certain the individuals involved would <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/inside-a-ransomware-attack-how-dark-webs-of-cybercriminals-collaborate-to-pull-them-off-163015\">know each other<\/a>.<\/p>\n<p>Ransomware attacks are <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/the-increase-in-ransomware-attacks-during-the-covid-19-pandemic-may-lead-to-a-new-internet-162490\">growing exponentially<\/a> in size and ransom demand \u2014 changing the way we operate online. Understanding who these groups are and what they want is critical to take\u00a0them down.<\/p>\n<p>Here, we list the top five most dangerous criminal organizations currently online. As far as we know, these rogue groups aren\u2019t backed or <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cybernews.com\/editorial\/the-worlds-most-dangerous-state-sponsored-hacker-groups\/\">sponsored by any state<\/a>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"DarkSide\"><\/span>DarkSide<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DarkSide is the group behind the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bloomberg.com\/news\/articles\/2021-06-04\/hackers-breached-colonial-pipeline-using-compromised-password\">Colonial Pipeline<\/a> ransom attack in May, which shut down the US Colonial Pipeline\u2019s fuel distribution network, triggering gasoline shortage concerns.<\/p>\n<p>The group seemingly first emerged in August last year. It targets <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2021\/05\/a-closer-look-at-the-darkside-ransomware-gang\/\">large companies<\/a> that will suffer from any disruption to their services \u2014 a key factor, as they\u2019re then more likely to pay a ransom. Such companies are also more likely to have <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/technology\/after-colonial-attack-energy-companies-rush-secure-cyber-insurance-2021-05-28\/\">cyber insurance<\/a> which, for criminals, means easy money-making.<\/p>\n<p>DarkSide\u2019s business model is to offer a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/securityboulevard.com\/2021\/05\/darkside-offered-ransomware-as-a-service-before-pipeline-attack\/\">ransomware service<\/a>. In other words, it carries out ransomware attacks on behalf of other, hidden perpetrator\/s so they can lessen their liability. The executor and perpetrator then share profits.<\/p>\n<p>Groups that offer cybercrime-as-a-service also provide online forum communications to support others who may want to improve their cybercrime skills.<\/p>\n<p>This might involve teaching someone how to combine <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2021\/05\/a-closer-look-at-the-darkside-ransomware-gang\/\">distributed denial-of-service (DDoS) and ransomware<\/a> attacks, to put extra pressure on negotiations. The ransomware would prevent a business from working on past and current orders, while a DDoS attack would block any new orders.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"REvil\"><\/span>REvil<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The ransomware-as-a-service group REvil is currently making headlines due to the ongoing Kaseya incident, as well as another recent attack on <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/fbi-attributes-jbs-ransomware-attack-to-revil\/\">global meat processing company JBS<\/a>. This group has been particularly active in 2020-2021.<\/p>\n<figure class=\"align-center \">\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" alt=\"\" width=\"650\" height=\"305\" class=\"js-lazy\" src=\"https:\/\/images.theconversation.com\/files\/409893\/original\/file-20210706-25-cdxsbk.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/news\/#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Ftech%2F2021%2F07%2F08%2Ftop-5-online-crime-gangs-ransomware-syndication%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: REvil\u2019s HappyBlog web site showing US$70m ransom demand. Author provided\" data-title=\"Share REvil\u2019s HappyBlog web site showing US$70m ransom demand. Author provided on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share REvil\u2019s HappyBlog web site showing US$70m ransom demand. Author provided on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>REvil\u2019s HappyBlog web site showing US$70m ransom demand. Author provided<\/figcaption><noscript><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/images.theconversation.com\/files\/409893\/original\/file-20210706-25-cdxsbk.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip\" alt=\"\" width=\"650\" height=\"305\" class=\"\" srcset=\"\"\/><\/noscript><\/figure><figcaption><span class=\"attribution\"\/><\/figcaption><\/p>\n<\/figure>\n<p>In April, REvil stole technical data on unreleased Apple products from Quanta Computer, a Taiwanese company that assembles Apple laptops. A <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.theguardian.com\/technology\/2021\/apr\/22\/ransomware-hackers-steal-plans-upcoming-apple-products\">ransom of US$50 million<\/a> was demanded to prevent public release of the stolen data. It hasn\u2019t been revealed whether or not this money was paid.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Clop\"><\/span>Clop<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The ransomware <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/clop-ransomware\/\">Clop<\/a> was created in 2019 by a financially motivated group responsible for yielding <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2021\/06\/ukrainian-police-nab-six-tied-to-clop-ransomware\/\">half a billion US dollars<\/a>.<\/p>\n<p>The Clop group\u2019s specialty is \u201cdouble-extortion\u201d. This involves targeting organizations with ransom money in exchange for a decryption key that will restore the organization\u2019s access to stolen data. However, targets will then have to pay extra ransom to not have the data released publicly.<\/p>\n<p>Historical examples reveal that organizations which pay a ransom once are more likely to pay again in the future. So hackers will tend to target the same organizations again and again, asking for more money each time.<\/p>\n<figure class=\"align-center \">\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" alt=\"\" width=\"614\" height=\"577\" class=\"js-lazy\" src=\"https:\/\/images.theconversation.com\/files\/409895\/original\/file-20210706-13-1ammbxm.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/news\/#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Ftech%2F2021%2F07%2F08%2Ftop-5-online-crime-gangs-ransomware-syndication%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: ClopLeaks website showing directly downloadable ransom files. Author provided\" data-title=\"Share ClopLeaks website showing directly downloadable ransom files. Author provided on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share ClopLeaks website showing directly downloadable ransom files. Author provided on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>ClopLeaks website showing directly downloadable ransom files. Author provided<\/figcaption><noscript><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/images.theconversation.com\/files\/409895\/original\/file-20210706-13-1ammbxm.png?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip\" alt=\"\" width=\"614\" height=\"577\" class=\"\" srcset=\"\"\/><\/noscript><\/figure><figcaption\/><\/p>\n<\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Syrian_Electronic_Army\"><\/span>Syrian Electronic Army<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Far from a typical cybercrime gang, the Syrian Electronic Army has been launching online attacks since 2011 to promote political propaganda. With this motive, they have been dubbed a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.akamai.com\/uk\/en\/resources\/syrian-electronic-army.jsp\">hactivist<\/a> group.<\/p>\n<p>While the group has <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/opennet.net\/emergence-open-and-organized-pro-government-cyber-attacks-middle-east-case-syrian-electronic-army\">links<\/a> with Bashar al-Assad\u2019s regime, it\u2019s more likely made up of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cvir.st-andrews.ac.uk\/articles\/10.15664\/jtr.1294\/\">online vigilantes<\/a> trying to be <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/opencanada.org\/new-face-syrian-electronic-army\/\">media auxiliary<\/a> for the Syrian army.<\/p>\n<p>Their technique is to distribute <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bbc.com\/news\/world-middle-east-22287326\">fake news<\/a> through reputable sources. In 2013, a single tweet sent by them from the official account of the Associated Press, the world\u2019s leading news agency, had the effect of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/news\/worldviews\/wp\/2013\/04\/23\/syrian-hackers-claim-ap-hack-that-tipped-stock-market-by-136-billion-is-it-terrorism\/\">wiping billions<\/a> from the stock market.<\/p>\n<figure class=\"align-center \">\n<p><figure class=\"post-image post-mediaBleed aligncenter\"><img loading=\"lazy\" decoding=\"async\" alt=\"\" width=\"604\" height=\"303\" class=\"js-lazy\" src=\"https:\/\/images.theconversation.com\/files\/409836\/original\/file-20210706-13-w5mk2t.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip\"\/><figcaption><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/thenextweb.com\/news\/#\" data-url=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Feditorial.thenextweb.com%2Ftech%2F2021%2F07%2F08%2Ftop-5-online-crime-gangs-ransomware-syndication%2F&amp;via=thenextweb&amp;related=thenextweb&amp;text=Check out this picture on: The fake AP tweet from the Syrian Electronic Army. www.theatlantic.com\/\" data-title=\"Share The fake AP tweet from the Syrian Electronic Army. www.theatlantic.com\/ on Twitter\" data-width=\"685\" data-height=\"500\" class=\"post-image-share popitup\" title=\"Share The fake AP tweet from the Syrian Electronic Army. www.theatlantic.com\/ on Twitter\"><i class=\"icon icon--inline icon--twitter--dark\"\/><\/a>The fake AP tweet from the Syrian Electronic Army. www.theatlantic.com\/<\/figcaption><noscript><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/images.theconversation.com\/files\/409836\/original\/file-20210706-13-w5mk2t.jpg?ixlib=rb-1.1.0&amp;q=45&amp;auto=format&amp;w=754&amp;fit=clip\" alt=\"\" width=\"604\" height=\"303\" class=\"\" srcset=\"\"\/><\/noscript><\/figure><figcaption><span class=\"attribution\"\/><\/figcaption><\/p>\n<\/figure>\n<p>The Syrian Electronic Army exploits the fact that most people online have a tendency to interpret and react to content with an implicit sense of trust. And they\u2019re a prime example of how the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/17440572.2012.759508?casa_token=8oYWCR5Hos4AAAAA%3Adkm-B8CSG9cg9d6GrvxHY0uGqzzxuD9jeSX43_DsIGkcAz1y-iStjCkWjTipxFcaNO0X9vldSJZLfoQ\">boundaries<\/a> between crime and terror groups online are less distinct than in the physical world.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"FIN7\"><\/span>FIN7<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If this list could contain a \u201csuper villain\u201d, it would be FIN7. Another Russian-based group, FIN7 is arguably the most <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.wired.com\/story\/fin7-carbanak-hacking-group-behind-a-string-of-big-breaches\/\">successful<\/a> online criminal organization of all time. Operating since 2012, it mainly works as a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/geminiadvisory.io\/fin7-syndicate-hacks-saks-fifth-avenue-and-lord-taylor\/\">business<\/a>.<\/p>\n<p>Many of its operations have been undetected for years. Its data breaches have exploited <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2017\/03\/fin7_spear_phishing.html\">cross-attack<\/a> scenarios, wherein the data breach serves multiple purposes. For example, it may enable extortion through ransom while also allowing the attacker to use data against victims, such as by reselling it to a third party.<\/p>\n<p>In early 2017, FIN7 was alleged to be behind an attack targeting <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.scmagazine.com\/home\/security-news\/network-security\/fin7-spearphishing-campaign-targets-sec-filings\/\">companies providing filings<\/a> to the US Security and Exchange Commission. This confidential information was exploited and used to obtain ransom which was then invested on the stock exchange.<\/p>\n<p>As such, the groups made huge sums of money by trading on confidential information. The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.amf-france.org\/sites\/default\/files\/2020-02\/study-stock-market-cybercrime-_-definition-cases-and-perspectives.pdf\">insider trading<\/a> scheme facilitated by hacking went on for many years \u2014 which is why it\u2019s not possible to quantify the exact amount of economic damage. But it\u2019s estimated to be well over US$1 billion.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Organized_crime_vs_organized_criminals\"><\/span>Organized crime vs organized criminals<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>When it comes to complex criminal organizations, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/attack.mitre.org\/techniques\/enterprise\/\">techniques<\/a><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.trendmicro.com\/vinfo\/au\/security\/news\/cybercrime-and-digital-threats\/ransomware-double-extortion-and-beyond-revil-clop-and-conti\">evolve<\/a> and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/link.springer.com\/article\/10.1007\/s12117-018-9342-y\">motives<\/a> vary.<\/p>\n<p>The way they organize themselves and commit crimes online is very different from your local offline gang. Ransomware can be launched from anywhere in the world, so it\u2019s very difficult to prosecute these criminals. Matters are made even more complicated when several parties coordinate across borders.<\/p>\n<p>It\u2019s no wonder the challenge for law enforcement agencies is significant. It\u2019s crucial that authorities investigating an attack are sure it was indeed perpetrated by who they suspect. But to know this, they need all the help they can get.<\/p>\n<p><em>Article by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/profiles\/roberto-musotto-872263\">Roberto Musotto<\/a>, Research fellow, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/institutions\/edith-cowan-university-720\">Edith Cowan University<\/a>; <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/profiles\/brianna-oshea-1142397\">Brianna O\u2019Shea<\/a>, Lecturer, Ethical Hacking and Defense, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/institutions\/edith-cowan-university-720\">Edith Cowan University<\/a>, and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/profiles\/paul-haskell-dowland-382903\">Paul Haskell-Dowland<\/a>, Associate Dean (Computing and Security), <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/institutions\/edith-cowan-university-720\">Edith Cowan University<\/a><\/em><\/p>\n<p><em>This article is republished from <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\">The Conversation<\/a> under a Creative Commons license. Read the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/theconversation.com\/holding-the-world-to-ransom-the-top-5-most-dangerous-criminal-organisations-online-right-now-163977\">original article<\/a>.<\/em><\/p>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/top-5-online-crime-gangs-ransomware-syndication\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#The top 5 online crime gangs running ransomware&#8221; On the internet, nobody knows you\u2019re a dog! These words from Peter Steiner\u2019s famous cartoon could easily be applied to the recent ransomware attack on Florida-based software supplier Kaseya. Kaseya provides software services to thousands of clients around the world. It\u2019s estimated between 800 and 1,500 medium&#8230;<\/p>\n","protected":false},"author":1,"featured_media":293960,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2019\/07\/android-ransomware-hed.jpg&signature=c62e6b20ac8899fa8dcc2c67cc956e03","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-293959","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/293959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=293959"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/293959\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/293960"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=293959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=293959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=293959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}