Security experts flag rise of 'cyber cartels'

Organising themselves along the lines of drug cartels, cyber criminals are ‘changing the rules of ransomware’ attacks to keep ahead of efforts to thwart their activities. So says a new report from the cyber analytics experts at CyberCube.

These new ‘cartels’, formed to execute attack campaigns collaboratively, are expanding the playbook used by hackers to include so-called ‘double-extortion’, data exfiltration and data modification.

Further, the groups behind ransomware payloads will be responsible for the majority of attritional losses in the insurance market, and potentially even aggregation events due to cyber attacks, according to the report.

Darren Thomson, CyberCube’s head of cyber security strategy and one of the report’s authors, said: “Ransomware is now right at the top of the agenda for cyber insurers, reinsurers and brokers. This is because cyber criminals are continuing to adjust and improve their ransomware approaches in response to increasingly sophisticated cyber defence – and to reap as much reward as possible.

“What we’re seeing now is the rise of cyber cartels – loose affiliations of criminal hackers intent on gaining the maximum amount of money possible. They’re doing this by introducing new tactics into their attacks. This keeps them ahead of advances in security and allows them to extort money not once but twice.”

The report warns insurers to expect the criminal cartels to continue to target high-profile organisations including Fortune 500 companies, having researched their ability to pay a ransom prior to the attack. In addition, the techniques used to conduct these attacks are becoming more sophisticated and more targeted in the 2021 period.

In a double extortion attack, hackers both encrypt the victim’s data, and also copy it to one of their own servers. Once the victim has paid the ransom, the cyber cartel still has the data in its possession, which it can use for the purpose of further extortion. Double-extortion first appeared in 2019 and gained popularity in 2020.

    Share Story:

Recent Stories


Financial institutions were early adopters of cyber security and insurance. Are they still on top of the game?
Managing huge amounts of sensitive data online makes financial institutions a prime target for hackers. As such, the sector was an early cohort for insurers in creating cyber cover. Since then, the market has evolved almost beyond recognition. It continues to challenge itself to this day, complying with rigorous regulatory demands and implementing avant-garde enhancements to keep abreast of the ever-changing risks.

Manufacturing: An industry at risk amid great technological change
Of the many sectors of business, manufacturing companies are among the most at risk from cyber threats. How has the sector evolved to make it so vulnerable and what does the task of managing cyber exposure in a manufacturing company look like? CIR’s latest podcast with Tokio Marine HCC sought to answer all these questions and more. Published April 2021

Advertisement