A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.

Before encrypting a victim’s network, most network-targeting ransomware operations will steal a victim’s unencrypted files. These files are then used as leverage by threatening to release them publicly on data leak sites if a ransom is not paid.

Last week, we reported that the LockBit ransomware had teamed up with Maze Ransomware to use their data leak platform and share intelligence to drive successful extortions.

This cooperation essentially created a ‘cartel’ of independent and competing ransomware operations