The sudden disappearance of the REvil ransomware group has prompted several of its affiliates to launch arbitration cases against the ransomware gang, which they claim failed to give them a share of profits from attacks, according to CyberScoop.
Experts said that arbitrations on ransomware forums shed light on the processes ensuring tight operation of the underground cybercrime. The process has also continued to signify trustworthiness among threat actors.
"I would say that it's like 'honor among thieves,' I suppose. It's a function that ensures that illicit commerce can progress smoothly," said Flashpoint Global Intelligence analyst Maria Gershuni.
Meanwhile, ransomware arbitrations also present an opportunity for law enforcement, according to Erik Rasmussen, a former deputy prosecuting attorney and special agent with the U.S. Secret Service and head of cybersecurity and risk management solutions at Grobstein Teeple, LLP.
"There's certainly rivalries that have led to them doxing each other, and for any investigator or law enforcement agency they are absolutely a treasure trove. It's open season on collecting that information, so you don’t have to worry about getting a search warrant, or going on to a server in another country to get a forensic image," said Rasmussen
