A cybersecurity firm has classified a new type of ransomware syndicate, which it calls Privateers. These ransomware syndicates are composed of threat actors that are financially motivated, government-backed cybercriminals prosecuted and hunted by law enforcement; however, they do not have the same status as state-sponsored APT hacking groups.
According to the report, the Privateers are not sponsored or influenced by any government, but they have some global government protection.
In this setup, the state backing these groups does not necessarily receive a direct advantage from the hacking group. However, the state supporting them reaps benefits and gifts while the group targets geopolitical rivals. Usually, unofficial state protection shows up as a lack of law enforcement action, even when other countries demand it through normal channels. One such example is the DarkSide ransomware gang, which recently attacked Colonial Pipeline in the US. LockBit ransomware is another example; it is known to skip Russia and its allied countries as targets.
Cybersecurity researchers have categorized these international threat actor groups into three tiers:
- First-tier threat actor groups include Lazarus APT, a North Korean government-funded hacking group.
- The second tier includes Gamaredon and PROMETHIUM. Gamaredon is not a part of the Russian intelligence agency; it is believed, however, that they collected and passed intelligence to Russian interests.
- Privateers belong to the third tier of cybercrime groups and usually target government agencies, government organizations, and large enterprise companies. The Privateer groups' malicious activity campaigns have the potential to cause social disturbances.
In conclusion, the new ransomware syndicate, Privateers, is now becoming prevalent and is projected to transform the landscape of cyber threats in the years to come. Though these hacking groups fall a tier lower than APT groups sponsored or funded by governments, they have the potential to carry out damaging financial and cyber espionage attacks against organizations and governments worldwide.