The Maze ransomware “cartel” is growing.
Two more ransomware gangs, Conti and SunCrypt, have apparently joined the Maze collective, which currently consists of Maze, LockBit and Ragnar Locker.
Maze operators announced the creation of a ransomware cartel that included other cybercrime gangs, which teamed up to share resources, leak victims’ data on Maze’s “news” site and extort their victims.
The Conti ransomware gang, which recently launched its own data leak site, is collaborating with Maze. “They’ve published data from a number of Maze attacks,”.
Conti may be a replacement for Ryuk, which has seen a significant dip in activity in recent weeks. It shares some of its code with Ryuk, uses the same note and also the same infrastructure, which could indicate it was created by the Ryuk team or a splinter group.
Recently,researchers came across a leak disclosure post in which Conti ransomware operators claim to have allegedly breached the Volkswagen Group.
The further expansion highlights Maze’s increasing momentum, which has claimed responsibility for several high-profile ransomware attacks in recent months. Earlier this month, a major cyberattack on technology giant Canon was believed to the latest work of the cybercriminal gang.