{
	"id": "e0e9c955-263d-4cc2-839c-f92d45e1d05b",
	"created_at": "2026-04-06T00:07:00.504404Z",
	"updated_at": "2026-04-10T03:20:00.837502Z",
	"deleted_at": null,
	"sha1_hash": "05fa64df15dcc0918360e626aa2b367bb376c3ce",
	"title": "Maze Ransomware adds Ragnar Locker to its extortion cartel",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 815054,
	"plain_text": "Maze Ransomware adds Ragnar Locker to its extortion cartel\r\nBy Lawrence Abrams\r\nPublished: 2020-06-08 · Archived: 2026-04-05 17:44:25 UTC\r\nA second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose\r\nunencrypted files were stolen.\r\nBefore encrypting a victim's network, most network-targeting ransomware operations will steal a victim's unencrypted files.\r\nThese files are then used as leverage by threatening to release them publicly on data leak sites if a ransom is not paid.\r\nLast week, we reported that the LockBit ransomware had teamed up with Maze Ransomware to use their data leak platform\r\nand share intelligence to drive successful extortions.\r\nhttps://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThis cooperation essentially created a 'cartel' of independent and competing ransomware operations who collude with each\r\nother to increase profits and increase the success of their attacks.\r\nMaze ransomware told BleepingComputer that another ransomware operator would be joining in a few days. Others were in\r\ndiscussion to join at a later time.\r\n\"In a few days another group will emerge on our news website, we all see in this cooperation the way leading to mutual\r\nbeneficial outcome, for both actor groups and companies.\"\r\nRagnar Locker joins 'Maze Cartel'\r\nToday, BleepingComputer was notified by the 'Ransom Leaks' Twitter account that Maze had added the data for a victim of\r\nanother competing ransomware named Ragnar Locker.\r\nThe Maze operators also have adopted the 'cartel' label that we associated with their cooperation with competing\r\nransomware operations.\r\nRagnar Lock victim on Maze's data leak site\r\nIt should be noted LockBit does not operate a data leak site, and thus benefits from using Maze's platform.\r\nRagnar Locker, on the other hand, does have its own leak site, so it unknown what they gain from this cooperation.\r\nIt is not known how Maze benefits from this cooperation, but it could be a piece of the profits for victims who fall for this\r\nextortion tactic.\r\nThis continued cooperation between ransomware gangs is a concerning development. The sharing of advice, tactics, and a\r\ncentralized data leak platform between different ransomware operations will only enable them to perform more advanced\r\nattacks, with potentially larger ransoms.\r\nhttps://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/\r\nhttps://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/"
	],
	"report_names": [
		"maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel"
	],
	"threat_actors": [],
	"ts_created_at": 1775434020,
	"ts_updated_at": 1775791200,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/05fa64df15dcc0918360e626aa2b367bb376c3ce.pdf",
		"text": "https://archive.orkl.eu/05fa64df15dcc0918360e626aa2b367bb376c3ce.txt",
		"img": "https://archive.orkl.eu/05fa64df15dcc0918360e626aa2b367bb376c3ce.jpg"
	}
}