Ransomware Gangs Collapse as Qilin Seizes Control

The ransomware landscape is undergoing a turbulent realignment, marked by collapses, takeovers, and unexpected internal betrayals.

Once-dominant groups such as RansomHub, LockBit, Everest, and BlackLock have recently suffered abrupt shutdowns, operational failures, and defacements of their dark web infrastructure, revealing deep instability in the cybercriminal ecosystem.

One of the most significant shifts occurred in late March 2025, when RansomHub, widely considered the most active ransomware group of 2024, disappeared without explanation. The group had risen rapidly by operating a polished Ransomware-as-a-Service (RaaS) model, offering affiliates advanced payloads, reliable payouts, and transparent operations. Its malware supported cross-platform deployment across Windows, Linux, and ESXi systems. But just as RansomHub was consolidating its dominance, its leak site vanished.

To read the complete article see: Cybereason Blog