Ransomware Gang Partnerships: Formation of Cartels

Maze Ransomware has partnered with another gang to use the former’s data leak platform for the extortion of victims.

What’s going on

The latest tactics followed by ransomware operators is to steal a victim’s unencrypted files before encrypting the network. In case of non-payment of ransom, these files are used as leverage by threatening to release them in public. The ransomware group to have joined the Maze cartel is none other than Ragnar Locker

A tad bit history

  • The first ransomware gang to team up with Maze was LockBit.
  • The formation of an extortion cartel was confirmed when Maze operators uploaded information on their data leak site, which was found to be LockBit’s campaign.
  • Maze’s platform is not only used for posting company data but also for sharing reputation and experience.

Worth noting

  • Although Ragnar Locker has its own data leak site, the purpose of joining the Maze ransomware club is yet unknown. 
  • Experts envisage that Maze might be benefitting from these team-ups with a piece of profits from successful extortion techniques. 

To conclude

The growing collaboration between ransomware operators is a concerning development. The sharing of tactics, data leak site, and advice between ransomware operators will provide with them more power and capabilities to extort large amounts of ransom.