Ransomware Gangs Are Teaming Up to Form Cartel-Style Structures

Published at: June 9, 2020

Recent ransomware attacks from well-known cybercriminal groups have been suggesting that gangs are forging cartel-style alliances to pressure their respective victims to pay the ransom requests.

Cointelegraph has obtained access to what seems to be a darknet site that belongs to the Maze group. On the site, Maze has been leaking stolen data beginning sometime after Sunday.

The central feature to highlight is that the gang notes that Ragnar Locker, another ransomware group, provided the info, as the title of the blog post says: “MAZE CARTEL Provided by Ragnar.” Some of the victims listed are United States-based companies.

Speaking with Cointelegraph, Brett Callow, a threat analyst at malware lab Emsisoft, stated that Ragnar Locker’s leak site is currently offline, suggesting that it might have pulled the site permanently and plans to distribute all future leaks via Maze. Still, he clarified that this is not confirmed yet.

Leaking data becoming a pattern in Maze’s ransomware attacks

Maze has been leaking stolen data from ransomware attacks against companies in different industries through the group’s darknet website when the victims refuse to pay the ransom.

Cyber ​​intelligence company Kela revealed that at some point in the first week of June, Maze operators added another bunch of data stolen — but from another ransomware gang known as LockBit.

Future alliances coming up soon?

In statements sent to BleepingComputer on June 3, the Maze group said the following:

“In a few days another group will emerge on our news website, we all see in this cooperation the way leading to mutual beneficial outcome, for both actor groups and companies.”

The average ransom payments requested by the groups exceed $100,000 per incident, often in Bitcoin (BTC) and Monero (XMR). In some reports, victims are said to have paid up to “millions” of dollars.

Callow commented on the Ragnar Locker stolen data made available on Maze’s site:

“Ragnar Locker are likely banking on the Maze group’s name recognition to further pressure companies into meeting their demands. While this is only the second such collaboration that we’re aware of, it’s likely that other groups will join the cartel if they believe it is in their financial interests to do so.”

Recent Maze’s attacks

The Maze ransomware group has made a number of headlines due to its recent attacks.

Cointelegraph reported on May 6 that the gang infected two U.S.-based plastic surgery studios with ransomware. It subsequently leaked patients' Social Security numbers and other sensitive information onto the internet.

Maze recently claimed to have hacked a major egg producer, Sparboe.

Tags
Related Posts
Maze Ransomware Group Hacks Two Plastic Surgeons
A cybercrime group recently infected two plastic surgery studios with ransomware. They subsequently leaked patient’s social security numbers and other sensitive information onto the internet. Emsisoft threat analyst, Brett Callow, told Cointelegraph on May 5 that Maze recently took credit for hacking a plastic surgeon named Kristin Tarbet. They also claim to have hacked the Ashville Plastic Surgery Institute. He explained that in Tarbet’s case, the hackers have already leaked highly sensitive data: “The data that has been posted included names, addresses, social security numbers as well as what appears to be before and after photos and photos taken during …
Bitcoin / May 6, 2020
A Hacker is Attempting to Sell a Las Vegas Hotel Database for Crypto
The MGM Resort suffered a massive data breach in 2019 that left 142 million hotel guests exposed. A hacker is now selling the stolen database for roughly $2,900. According to the information revealed by ZDNet, a dark web marketplace claims that data from 142,479,937 MGM hotel guests are on sale. Preferred payment is denominated in Bitcoin (BTC) and Monero (XMR). MGM Resorts confirmed the data breach, stating that they’re aware of the scope of this previously reported incident from 2019. No financial data was leaked However, according to the research, the cybercriminal did not leak any sensitive data from the …
Technology / July 14, 2020
Ransomware Hackers Threaten to Release Credit Card Data From Costa Rican Bank
A group of hackers dubbed Maze claims to have compromised the infrastructure of Banco BCR, a Costa Rican state-owned bank, and is now threatening to leak millions of credit card numbers. On April 30, Maze claimed that it has scoped out the bank in August 2019: “According to Financial Institutions Protocol this bank had to notify other institutions about the security breach case. But nothing was made. Servers and workstations were not blocked. Private data was not secured. Anyway the Bank decided to conceal information about the breach. Though the security personnel were able to analyze the attack logs and …
Blockchain / May 6, 2020
Hackers Stole and Encrypted Data of 5 U.S. Law Firms, Demand 2 Crypto Ransoms
Hackers compromised five United States law firms and demanded two 100 Bitcoin (BTC) (over $933,000 at press time) ransoms from each firm: one to restore access to the data, one to delete their copy instead of selling it. According to data shared with Cointelegraph by cybersecurity firm Emsisoft, the hacker group — called Maze — already started publishing part of the data stolen from the aforementioned firms. Two of the five law firms were hacked within the 24 hours leading to Feb. 1. The hackers published the data on two websites that were shared with the author of this article, …
Bitcoin / Feb. 3, 2020
Maze Hacker Group Claims Infecting Insurance Giant Chubb with Ransomware
Black hat hacker group, Maze, claims to have used ransomware to compromise the systems of insurance giant, Chubb. They also claim to have stolen the firm’s data. Brett Callow, threat analyst at cybersecurity firm, Emsisoft, told Cointelegraph on March 27 that Maze published the claim on its website. While the website does not provide any direct proof of the hack so far, Callow pointed out facts that give the claim an air of credibility: “Maze’s past victims include governments, law firms, healthcare providers, manufacturers, medical research companies, healthcare providers and more.” Maze’s modus operandi Callow explained that the group usually …
Bitcoin / March 29, 2020