Maze Ransomware adds Ragnar Locker to its extortion cartel
By Lawrence Abrams
Published: 2020-06-08 · Archived: 2026-04-05 17:44:25 UTC
A second ransomware gang has partnered with Maze Ransomware to use their data leak platform to extort victims whose
unencrypted files were stolen.
Before encrypting a victim's network, most network-targeting ransomware operations will steal a victim's unencrypted files.
These files are then used as leverage by threatening to release them publicly on data leak sites if a ransom is not paid.
Last week, we reported that the LockBit ransomware had teamed up with Maze Ransomware to use their data leak platform
and share intelligence to drive successful extortions.
https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/
Page 1 of 4

0:00
https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/
Page 2 of 4

Visit Advertiser websiteGO TO PAGE
This cooperation essentially created a 'cartel' of independent and competing ransomware operations who collude with each
other to increase profits and increase the success of their attacks.
Maze ransomware told BleepingComputer that another ransomware operator would be joining in a few days. Others were in
discussion to join at a later time.
"In a few days another group will emerge on our news website, we all see in this cooperation the way leading to mutual
beneficial outcome, for both actor groups and companies."
Ragnar Locker joins 'Maze Cartel'
Today, BleepingComputer was notified by the 'Ransom Leaks' Twitter account that Maze had added the data for a victim of
another competing ransomware named Ragnar Locker.
The Maze operators also have adopted the 'cartel' label that we associated with their cooperation with competing
ransomware operations.
Ragnar Lock victim on Maze's data leak site
It should be noted LockBit does not operate a data leak site, and thus benefits from using Maze's platform.
Ragnar Locker, on the other hand, does have its own leak site, so it unknown what they gain from this cooperation.
It is not known how Maze benefits from this cooperation, but it could be a piece of the profits for victims who fall for this
extortion tactic.
This continued cooperation between ransomware gangs is a concerning development. The sharing of advice, tactics, and a
centralized data leak platform between different ransomware operations will only enable them to perform more advanced
attacks, with potentially larger ransoms.
https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/
Page 3 of 4

Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the
other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic
questions for any tool evaluation.
Source: https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/
https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/
Page 4 of 4