Today, BleepingComputer was told by cyber intelligence firm KeLa that the Maze operators added the information and files for an international architectural firm to their data leak site.
What made this leak different was that the info was not from a Maze ransomware attack, but rather by another enterprise-targeting ransomware operation known as LockBit.
Ransomware gangs are teaming up to extort victims through a shared data leak platform, and the exchange of tactics and intelligence.
In November 2019, the Maze Ransomware operators transformed ransomware attacks into data breaches after they released unencrypted data of a victim who refused to pay.
Soon after, they launched a dedicated "Maze News" site used to shame their unpaid victims by publicly releasing stolen data.
This extortion tactic was quickly adopted by other groups, which now includes thirteen active ransomware operations known to leak stolen data if not paid.
Ransomware cartel formed
The Maze gang is once again stirring up the threat landscape by creating a cartel of ransomware operations to share resources and extort their victims.
With the average ransom payment over $100,000, and some victims allegedly paying millions, enterprise-targeting ransomware operations working alone have been very successful.
By joining forces to share advice, tactics, and a centralized data leak platform, ransomware operations can focus more on creating more sophisticated attacks and successful extortion attempts. Full Story at: