Cybercriminal group closure and exit scams
Events like these have compelled cybercriminals to plot new strategies, which sometimes involves closing shop and cashing out before they get on the feds’ radar. In October 2020, the Maze ransomware group, which has breached hundreds of companies including Xerox, LG, and Canon, shut itself down over a six-week period stating they had retired their activities. However, experts have suggested this is likely a façade. Ransomware operators often shut one operation down to join another rather than exit the business completely.
“In recent years, the dark net has dramatically changed, quite organically, due to increased organized criminal organizations’ use of anonymous forums and marketplaces, the increased presence of young YouTube inspired criminal wannabes, and naturally, the subsequent increased presence of law enforcement and their attempts to infiltrate, de-anonymize, and take down such groups and hidden services,” says Mark