Skip to main content

Ransomware authors are joining forces

(Image credit: Image source: Shutterstock/Nicescene)

Ransomware operators are dangerous enough on their own, but multiple groups are now teaming up to wreak even more havoc.

This is according to a new report from Positive Technologies, based on analysis of cyberincidents that occurred in the second quarter of the year.

According to the report, the operators of LockBit and Ragnar Locker (opens in new tab) strains have joined forces with Maze, which the report describes as the “industry leader”. Now, all three groups post data stolen in various attacks on Maze’s data leak site.

A Positive Technologies analyst, Yana Avezova, calls this group of collaborators the “Maze Cartel”.

In the past quarter alone, ransomware operators are said to have made “millions of dollars”. The report lists the NetWalker attack on a medical school in California as an example, in which incident the ransomware operator allegedly received $1.4 million in ransom.

In another incident, when an unnamed American law firm refused to give in to ransom demands, Sodinokibi operators began selling off the data they gathered during the heist, including information on Donald Trump and Madonna. Each file had a starting bid of $1 million.

Maze and Sodinokibi operators were the most active in the second quarter of the year, the report concluded.

In the early days of ransomware (opens in new tab), criminals would simply encrypt the data and demand money in exchange for the decryption key. Today, however, many businesses hold data backups to shield against this kind of extortion, so criminals have taken to downloading data to use as leverage.

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.