Ransomware Groups Change Identities to Evade Cybercops

Ransomware Groups Change Identities to Evade Cybercops

Ransomware Groups Change Identities to Evade Cybercops

https://www.pymnts.com/cybersecurity/2026/ransomware-groups-change-identities-to-evade-cybercops/

Publish Date: 2026-07-13 14:54:00

Source Domain: www.pymnts.com

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points. Ransomware hackers have reportedly begun rebranding to escape digital law enforcement.

As the Wall Street Journal (WSJ) reported Monday (July 13), this isn’t a new tactic, but one that is happening more frequently as cyberdefenders adopt better security tools.
Stopping ransomware attacks has “become a game of whack-a-mole,” with the number of ransomware and data-extortion attacks jumping from 1,363 in the first three months of year to 1,885 in the first quarter of 2026, the report said, citing cybersecurity firm ZeroFox.
“Cybercriminal groups are constantly reinventing themselves,” said Brian Carlson, chief technology, data, digital and innovation officer in North America at food services and facilities management company Sodexo.
Whether hackers show up using a new name or begin employing new tactics, Carlson said, “organizations can’t rely on yesterday’s defenses to address today’s threats.”
And Steven Masada, assistant general counsel at Microsoft’s digital crimes division, told the WSJ ransomware groups tend to rebrand following web takedowns, media exposure, sanctions or even a loss of trust within the underground economy.

Aside from new names, other changes can include new infrastructure providers, communication platforms, malware tools, payment methods and affiliates — or completely new business models, Masada said.
“As AI and automation lower barriers to entry, threat actors can evolve their tactics even faster, making rebranding and reinvention an increasingly common feature of the cybercrime ecosystem,” he added.
Dick O’Brien, principal intelligence analyst on cybersecurity firm Symantec’s threat hunter unit, said cybercrime rebranding “probably happens more often than we know.”
O’Brien’s company said last week that an analysis of recent attacks by a group going by the name GodDamn Ransomware found “significant overlap” with a previous hacking group known as Beast, which was itself a repackaging of a group known as “Monster.”
In other cybersecurity news, recent PYMNTS Intelligence and Trulioo research found that 76% of financial services firms earn at least three-quarters of their revenue through digital channels, making ID verification a larger business concern.
That’s because “every failed check, inconsistent result or slow onboarding step can affect growth, fraud prevention and customer experience,” as PYMNTS wrote last week.
For banks, FinTechs and other financial services companies, the issue is not that digital identity systems are failing altogether. Most firms are still confident in their know your customer (KYC) and know your business (KYB) processes.
“The problem is that digital dependence raises the cost of ‘good enough,’” the report added. “Identity systems now work like airport security for digital finance. They need to stop fraudsters without making legitimate customers miss the flight.”