Date: 2025-09-16

Why it matters: Multiple cybercrime gangs have called it quits. In an open letter to the world, the notorious hacker rings said they were retiring on their ill-gotten gains. Security experts remain skeptical, saying that the letter is a ruse – an attempt to rebrand themselves and evade recent heat from authorities.

A coalition of notorious ransomware groups has announced its retirement from cybercrime, declaring an end to years of relentless attacks that have plagued global corporations and institutions. The announcement, posted on BreachForums, follows a wave of high-profile incidents tied to Scattered Spider, Lapsus$, and several other affiliated gangs, whose exploits have repeatedly exposed vulnerabilities in security systems across multiple sectors.

In their public message, the hackers claimed they had achieved their goals. Rather than emphasizing extortion, they framed their mission as an effort to expose flaws in technology infrastructure.

"Silence will now be our strength," the announcement read. "If you worry about us, don't … [we] will enjoy our golden parachutes with the millions the group accumulated. Others will keep on studying and improving systems you use in your daily lives. In silence."

The group added that any future breaches attributed to them would have occurred before this formal shutdown.

The list of collectives is extensive, featuring more than a dozen names, including LAPSUS$, Trihash, Yurosh, yaxsh, WyTroZz, N3z0x, Nitroz, TOXIQUEROOT, Prosox, Pertinax, Kurosh, Clown, IntelBroker, and Yukari. These groups have become synonymous with sophisticated attacks that employ social engineering and exploit weaknesses in multi-factor authentication systems. Jaguar Land Rover recently suffered a ransomware attack that severely disrupted operations. British retailer Marks & Spencer also fell victim to attacks.

Law enforcement's fight against the groups has been effective, with various group members arrested in recent years. The retirement announcement hinted that the collectives will attempt to free imprisoned associates, claiming they could use their technical skills against those who had "humiliated" them.

IntelBroker, a prominent hacker recently arrested in France, was named as one of the "signing off" members. Authorities identified him as Kai Logan West after linking a Bitcoin address to a cryptocurrency account verified with government-issued identification, a critical mistake that led to his capture.

Speculation persists that cybercriminals may adopt new handles or regroup under fresh aliases, a well-known tactic to evade ongoing investigations. Security experts remain cautious, warning that this apparent end may be another rebranding exercise.

While researchers cannot independently verify the BreachForums post, shifting trends in ransomware incidents over the coming months may either support its claims or expose it as a feint. For now, the announcement marks a rare, if not final, pause from groups whose relentless campaigns have shaped the modern cybercrime landscape.