Researchers Expose Hidden Alliances Between Ransomware Groups

In the rapidly evolving cyber threat landscape, understanding the true nature of ransomware operations has become increasingly complex. Gone are the days when security teams could treat each ransomware family as a discrete, unified entity.

The “post-Conti era” has ushered in a fractured marketplace of mutations, in which allegiances shift, identities blur, and hidden connections underpin the entire ecosystem.

A new collaborative research effort led by Jon DiMaggio at Analyst1, in partnership with Scylla Intel and the DomainTools Investigations Team, culminates in an illuminating infographic titled “A Visual and Analytical Map of Russian-affiliated Ransomware Groups.”

Rather than simply cataloguing individual groups, the project reveals the intricate web of relationships—spanning shared code, infrastructure overlaps, and human operator migration—that drives modern ransomware operations.

The core objective of this research was to move beyond attribution of isolated ransomware “families” and instead chart the hidden connections that bind criminal ...