{"id":2840,"date":"2025-09-16T22:52:04","date_gmt":"2025-09-16T22:52:04","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/09\/16\/fifteen-ransomware-gangs-retire-future-unclear\/"},"modified":"2025-09-16T22:52:04","modified_gmt":"2025-09-16T22:52:04","slug":"fifteen-ransomware-gangs-retire-future-unclear","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/09\/16\/fifteen-ransomware-gangs-retire-future-unclear\/","title":{"rendered":"Fifteen Ransomware Gangs \u201cRetire,\u201d Future Unclear"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Fifteen well-known ransomware groups, including Scattered Spider, ShinyHunters\u00a0and Lapsus$, have announced that they are shutting down their operations.<\/p>\n<p>The collective announcement was posted on Breachforums, where the groups claimed they had achieved their goals of exposing weaknesses in digital infrastructure rather than profiting through extortion.<\/p>\n<p>In their statement, the gangs said they would now shift to \u201csilence,\u201d\u00a0with some members planning to retire on the money they had accumulated, while others would continue studying and improving the systems people rely on daily.<\/p>\n<h2>\u201cGolden Parachutes\u201d\u00a0and Quiet Exits<\/h2>\n<p>The announcement struck a defiant tone, noting that members still in custody would not be forgotten. The groups vowed to work toward their release and hinted at retaliation against law enforcement.<\/p>\n<p>They also insisted that fears of their disappearance were misplaced, stating: \u201cIf you worry about us, don\u2019t \u2026 [we] will enjoy our golden parachutes with the millions the group accumulated. Others will keep on studying and improving [the] systems you use in your daily lives. In silence.\u201d<\/p>\n<p>Despite the claims of retirement, analysts have raised doubts about whether this marks a permanent end.<\/p>\n<p>\u201cOrganizations should take these announcements with a pinch of salt,\u201d\u00a0Nivedita Murthy, senior staff consultant at Black Duck, said.<\/p>\n<p>\u201cIt could be possible that some of these groups may have decided to step back and enjoy their payday, [but] it does not stop copycat groups from rising up and taking their place.\u201d<\/p>\n<p><em>Read more on cybercriminal rebranding strategies: Researchers Confirm BlackLock as Eldorado Rebrand<\/em><\/p>\n<h2>A Significant Roster of Names<\/h2>\n<p>Among the 15 groups that declared their exit are some of the most prominent in recent years. The full list mentioned in the post includes Scattered Spider, ShinyHunters, Lapsus$ and more than a dozen other factions tied to high-profile breaches of corporations, governments and critical service providers.<\/p>\n<p>\u201cCybercrime groups have a bit of a history when it comes to retiring that is often no more than the equivalent of lying low while the heat is on,\u201d said\u00a0James Maude, field CTO at BeyondTrust.<\/p>\n<p>\u201cBack in 2019, the GandCrab crew announced they were retiring after earning more than $2bn [&#8230;] A few months later, REvil ransomware appeared bearing all the hallmarks of the GandCrab crew.\u201d<\/p>\n<h2>Concern Over the Future<\/h2>\n<p>\u201cIt\u2019s safest to consider this announcement as more of a PR stunt than a genuine farewell,\u201d said\u00a0Casey Ellis, founder at Bugcrowd.<\/p>\n<p>\u201cHistorically, cybercriminals rarely retire in the traditional sense. Instead, they rebrand, regroup or pivot to new tactics and operations, or they get caught.\u201d<\/p>\n<p>Dave Tyson, partner of intelligence operations at iCOUNTER, echoed Ellis\u2019s views.<\/p>\n<p>\u201cIt\u2019s never retirement, it\u2019s simply part of the normal lifecycle of criminality,\u201d\u00a0he said.<\/p>\n<p>\u201cGroups come together for specific purposes, form into units to execute their plans\u00a0and exit the definable identity to lower the focus on that collective or unit.\u201d<\/p>\n<p>Whether the announcement reflects a turning point in cybercrime or a reshaping of old threats into new forms remains to be seen.<\/p>\n<p>For now, the sudden withdrawal of several notorious groups signals a shift in the underground ransomware landscape but offers little reassurance that the danger has truly passed.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Fifteen well-known ransomware groups, including Scattered Spider, ShinyHunters\u00a0and Lapsus$, have announced that they are shutting down their operations. The collective announcement was posted on Breachforums, where the groups claimed they had achieved their goals of exposing weaknesses in digital infrastructure rather than profiting through extortion. In their statement, the gangs said they would now shift<\/p>\n","protected":false},"author":2,"featured_media":2841,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2840","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2840-52bd2765-a19e-4644-950e-19ae1aa4264d-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2840"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2840\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2841"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2840"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}