Ransomware operators have joined forces and are now exchanging tactics, information and extorting victims via a shared data breach platform.
Last November, ransomware operators Maze released unencrypted victim data after refusing to pay his ransom. Shortly after, the group launched a site called “Maze News” which it uses to shame unpaid victims by publishing their stolen data.
Other cybercriminals quickly followed suit and now thirteen active ransomware operations have started to disclose stolen data if their ransoms are not paid.
Cyber-intelligence firm KeLa told media that the group had added information and files for an international architecture firm to its Maze News site. However, this data was not obtained by the Maze ransomware group bought by another ransomware operation that targets businesses, LockBit.
BleepingComputer has decided to contact the operators of Maze ransomware to learn more about this new collaboration. The group then confirmed that they were indeed working with LockBit to share their experience and their data leakage platform, saying:
“In a few days, another group will emerge on our news site, we all see in this cooperation the path leading to mutually beneficial results, both for stakeholder groups and for companies. In addition, they use not only our platform for publishing business data, “but also our experience and reputation, building a solid and beneficial future. We treat other groups like our partners, not like our competitors. Organizational matters are at the root of any successful business. ”
The Maze gang also revealed that another group would soon join their ransomware cartel. Ransomware already posed a serious threat to businesses, and the fact that these groups are now working together means that we will likely see them develop even more sophisticated attacks in the future.