396/68 Friday, October 10, 2025
Three notorious cybercriminal groups in the ransomware ecosystem-LockBit, Qilin, and DragonForce-have announced the formation of a “cartel-style alliance” to share information, techniques, and resources, while also inviting other cybercrime groups to join the collaboration. The announcement comes shortly after LockBit unveiled its new “LockBit 5.0” service, marking a move that could reshape the future landscape of ransomware attacks.
According to the latest ReliaQuest threat report, the purpose of the alliance is to enhance each group’s operational capabilities, particularly LockBit, which faced a major international law enforcement crackdown last year led by the UK and global partners. That operation seized LockBit’s infrastructure, exposed its leadership, and led to multiple arrests. Qilin is known for its past attack against Japan’s Asahi, while DragonForce is a newer player in the field, offering Ransomware-as-a-Service (RaaS) under its own brand. This collaboration mirrors the 2020 alliance between LockBit and Maze, which pioneered the double extortion tactic-encrypting systems while simultaneously stealing data to pressure victims.
Cybersecurity experts warn that the partnership may be a double-edged sword, especially for smaller groups like DragonForce. Since LockBit remains under U.S. sanctions, any association could prevent DragonForce from lawfully collecting ransom payments, potentially undermining its financial gains. Nonetheless, experts recommend organizations continue adhering to fundamental ransomware defense measures:
- Deploy reliable and updated security solutions
- Regularly apply security patches
- Restrict RDP access
- Use device-based certificates to prevent unauthorized logins with stolen VPN credentials
Source https://www.darkreading.com/cyberattacks-data-breaches/extortion-gangs-join-forces-ransomware-cartel
