What Happens After a Ransomware Group is



            Disrupted?

            By Nataliia Zdrok, Senior Threat Intelligence Analyst at Binary Defense



            As  ransomware  attacks  continue  to  surge,  costing  businesses  over  $1  billion  last  year  alone,  law
            enforcement agencies are cracking down on these criminal groups by disrupting their operations and
            seizing online infrastructure.

            However, just because a ransomware group has been disrupted, that doesn’t mean it is no longer a threat
            to your company.


            The very nature of the ransomware-as-a-service (RaaS) industry makes it easy for ransomware groups
            to recover from a law enforcement disruption. These crackdowns typically involve seizing the group’s
            darknet leak sites, social media, command-and-control (C2) infrastructure, cryptocurrency wallets and






                                                                                                            159