It’s one thing if you’re up against one ransomware cybercriminal group. But what happens when they start acting like the good guys and joining forces?
It’s inevitable that the bad guys adopt the most successful business models used by traditional software vendors. We’ve seen ransomware be offered as a service, cybercriminal organizations that focus on the one part of an attack they’re really good at, and now we’re seeing cybercriminal organizations partner up to leverage one another to strengthen their product.
We heard recently that several ransomware gangs were teaming up to form an “extortion cartel”. But now, according to the “RansomLeaks” twitter account, The Maze Cartel is adding yet another ransomware gang to its family – RagnarLocker. Maze ransomware was the first ransomware to threaten to publicly post data held for ransom as a means of extorting the ransom payment. And, while other gangs followed suit and began to create their own sites to post stolen data, it does make sense that if one is a really good ransomware creator but not such a great website developer (where data can be easily published), why not ask the guys who have already built the extortion site if you can use it (I assume for a fee)? And so, Maze began reigning in outside ransomware gangs to be a part of their "cartel".
In the end, both gangs make more money, so it’s a “win-win” (for the bad guys anyway).
I expect to see additional gangs jumping on board with the Maze Cartel – this only spells doom for organizations that aren’t prepared for a ransomware attack and the resulting data breach that must be assumed to have occurred.
The only good news is ransomware authors still only have two initial attack vectors – remote desktop access (which you can easily close the loop on), and phishing attacks. Educating users with ongoing Security Awareness Training is impactful enough to lessen the risk of successful phishing attack resulting in the installation of ransomware. By teaching them how to identify suspicious email and web content, users can stay clear of attacks intent on taking their employer to the cleaners.