
Ransomware gangs form cartel-like structures

June 9, 2020

Recent ransomware attacks by well-known cybercriminals suggest that gangs are forging cartel-like alliances to pressure their respective victims into paying the ransoms they demand.

Cointelegraph has access to what appears to be a Darknet site that belongs to the Maze group. Maze has been leaking stolen data on the website since Sunday.

The notable detail is that the gang credits Ragnar Locker, another ransomware group, with providing the information: the title of the blog post is “MAZE POSTER Provided by Ragnar”. Some of the victims mentioned are companies based in the United States.

Brett Callow, a threat analyst at the Emsisoft malware laboratory, told Cointelegraph that the Ragnar Locker leak site is currently offline, suggesting that the site may have been removed permanently and that the group plans to publish any future leaks through Maze. However, he made it clear that this has not yet been confirmed.

Data leaks become a pattern in Maze ransomware attacks

Maze shared data stolen from ransomware attacks against companies in various industries through the group’s Darknet website when victims refused to pay the ransom.

Cyber intelligence company Kela announced that Maze operators added another batch of stolen data sometime in the first week of June, this time from another ransomware gang called LockBit.

Will future alliances come soon?

In statements sent to BleepingComputer on June 3, the Maze Group said the following:

“In a few days, another group will appear on our news website. We all see this collaboration as the path that leads to mutually beneficial results for both stakeholders and businesses.”

The average ransom payments requested by the groups exceed $100,000 per incident, often in Bitcoin (BTC) and Monero (XMR). In some reports, victims are said to have paid up to “million” dollars.

Callow commented on the stolen Ragnar Locker data, which is available on the Maze website:

“Ragnar Locker will likely rely on the recognition of the Maze group’s name to continue to pressurize companies to meet their needs. While this is only the second type of collaboration that we know of, other groups will likely join the cartel if they think it would be financially beneficial to them.”

Maze’s recent attacks

The Maze ransomware group has made several headlines due to its recent attacks.

Cointelegraph reported on May 6 that the gang had infected two US-based plastic surgery studios with ransomware. The patients’ Social Security numbers and other confidential information were subsequently published on the Internet.

Maze recently claimed to have hacked a large egg producer, Sparboe.