Threat Watch

Maze Ransomware Gang Recruiting Other Ransom Groups

The Maze ransomware group, known for starting the trend of releasing data of victims that refuse to pay, is shaking things up again. The Maze website shows an entry for a victim that was contributed by LockBit, another ransomware group that began operating late last year. After BleepingComputer reached out to the Maze operators to learn more about what appeared to be collaboration between the two groups, Maze confirmed that they were working with the group to share their experience and platform. Maze also told reporters at BleepingComputer that a second group would be posting to the Maze website with the possibility of even more groups to come in the near future.

ANALYST NOTES

After starting the trend of publishing data from ransom victims, Maze appears determined to make it possible for many more ransomware groups to take advantage of the same technique to extort victims for more money. Threat groups working together to lower the barrier to entry is all the more reason to treat every ransom incident as a data breach. Organizations should consider deploying an endpoint monitoring solution to monitor for suspicious actions that can indicate the early stages of an intrusion. Managed security services such as the Binary Defense Security Operations Center (SOC) provide 24/7 monitoring to quickly detect, contain and alert security teams to threats before they have the chance to spread throughout the network.