Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
ViewQwest partners with Zero Networks to deliver automated microsegmen...
Collaboration and data security for today’s agentic workspace
Long unheeded calls for global ratification of cloud reassurance frame...
Urgent cybersecurity threats linked to quantum computing every IT deci...
Oct 2025 Patch Tuesday fixes 183 vulnerabilities, including two zero d...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Collaboration and data security for today’s agentic workspace

      Collaboration and data security for today’s agentic workspace

      Wednesday, October 22, 2025, 1:42 PM Asia/Singapore | Features, Newsletter, Tips
    • Featured

      The AI paradox in cybersecurity

      The AI paradox in cybersecurity

      Wednesday, October 15, 2025, 11:24 AM Asia/Singapore | Features, Newsletter
    • Featured

      Addressing Asia Pacific’s rising insider threats

      Addressing Asia Pacific’s rising insider threats

      Wednesday, October 15, 2025, 10:18 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

News

When do rival ransomware-as-a-service groups co-operate in competition?

By CybersecAsia editors | Tuesday, April 8, 2025, 10:07 PM Asia/Singapore

When do rival ransomware-as-a-service groups co-operate in competition?

According to recent investigations, “coopetition” is called for when one RaaS group, however new, has a novel new weapon to offer

Threat researchers investigating the new Ransomware-as-a-Service (RaaS) group RansomHub have uncovered clear connections with other well-established threat actors such as Play, Medusa, and BianLian.

RansomHub prohibits its affiliate members from attacking nations from the post-Soviet Commonwealth of Independent States, Cuba, North Korea, or China. The group lures affiliates in with the promise that they will receive the whole ransom payment to their wallet, and the operators trust the affiliates to share 10% with them, something quite unique. 

Furthermore, RansomHub uses a self-developed customer Endpoint Detection and Response (EDR) “killer” called EDRKillShifter, which is being used by more affiliates. EDR killers are a specialized type of malware designed to terminate, blind, or crash the security product installed on a victim’s system — typically by abusing a vulnerable driver that is installed in the victims’ systems. Defending against EDR killers is challenging so ideally, and IT teams that do not detect and intercept the point where the vulnerable driver is installed will be at a loss when the final stages of attack are in progress.

According to Jakub Souček, Researcher, ESET, the firm that has been investigating RansomHub: “The decision to implement a killer and offer it to affiliates as part of the RaaS program is rare. Affiliates are typically on their own to find ways to evade security products — some reuse existing tools, while more technically oriented ones modify existing proofs of concept or utilize EDR killers available as a service on the Dark Web.”

This is how ESET researchers used the clue to link RansomHub with its other affiliates. While it is common knowledge that RaaS affiliates often work for multiple operators simultaneously, the links that RansomHub has established are with industry rivals that also operate a closed network. Conversely, those rivals may made exceptions to their policy due to the appeal of the former’s EDR killer malware which can be leveraged quickly and repurposed for their own needs.

Share:

PreviousWorkplace phishing vulnerabilities exposed: Essential tips for SMEs and organizations worldwide
NextAre Singaporeans ready to handle deepfakes and disinformation in the 2025 general elections?

Related Posts

Are cloud security myths driving lax data protection policies in enterprises?

Are cloud security myths driving lax data protection policies in enterprises?

Monday, November 1, 2021

Retain password authentication but fortify security with tamper-resistant MFA

Retain password authentication but fortify security with tamper-resistant MFA

Wednesday, June 14, 2023

Security upkeep lagging in almost half of APAC organizations surveyed

Security upkeep lagging in almost half of APAC organizations surveyed

Friday, September 25, 2020

Thailand’s Defence Technology Institute shores up national cyber defence training

Thailand’s Defence Technology Institute shores up national cyber defence training

Thursday, June 8, 2023

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • HOSTWAY gains 73% operational efficiency for private cloud operations  

    HOSTWAY gains 73% operational efficiency for private cloud operations  

    With NetApp storage solutions, the Korean managed cloud service provider offers a lean, intelligent architecture, …Read more
  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.