Maze Ransomware adds Ragnar Locker to its extortion cartel

A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose unencrypted files were stolen.

Before encrypting a victim’s network, most network-targeting ransomware operations will steal a victim’s unencrypted files. These files are then used as leverage by threatening to release them publicly on data leak sites if a ransom is not paid.

Last week, we reported that the LockBit ransomware had teamed up with Maze Ransomware to use their data leak platform and share intelligence to drive successful extortions.

This cooperation essentially created a ‘cartel’ of independent and competing ransomware operations who collude with each other to increase profits and increase the success of their attacks.

Maze ransomware told BleepingComputer that another ransomware operator would be joining in a few days. Others were in discussion to join at a later time.

“In a few days another group will emerge on our news website, we all see in this cooperation the way leading to mutual beneficial outcome, for both actor groups and companies.”

Ragnar Locker joins ‘Maze Cartel’

Today, BleepingComputer was notified by the ‘Ransom Leaks‘ Twitter account that Maze had added the data for a victim of another competing ransomware named Ragnar Locker.

The Maze operators also have adopted the ‘cartel’ label that we associated with their cooperation with competing ransomware operations.

Ragnar Lock victim on Maze's data leak site
Ragnar Lock victim on Maze’s data leak site

It should be noted LockBit does not operate a data leak site, and thus benefits from using Maze’s platform.

Ragnar Locker, on the other hand, does have its own leak site, so it unknown what they gain from this cooperation.

It is not known how Maze benefits from this cooperation, but it could be a piece of the profits for victims who fall for this extortion tactic.

This continued cooperation between ransomware gangs is a concerning development. The sharing of advice, tactics, and a centralized data leak platform between different ransomware operations will only enable them to perform more advanced attacks, with potentially larger ransoms.


Next Post

Nobel laureate Tasuku Honjo to sue Japanese drug firm for 22 billion yen | Science

Tue Jun 9 , 2020
Immunologist Tasuku Honjo celebrates his receipt of the Nobel Prize in 2018 with his wife, Shigeko Honjo. Kyodo via AP Images By Dennis NormileJun. 8, 2020 , 11:55 AM In another high-profile case of a Japanese scientist fighting for a share of the profits generated by a key discovery, Nobel laureate Tasuku […]