Last week, the Maze ransomware operators surprised everyone by adding leaked data to their website that was obtained by another ransomware group. Answering questions by BleepingComputer, the group confirmed that it was working collaboratively with the LockBit operators to share the Maze website platform for hosting and distribution of victims’ stolen data. Maze also mentioned to expect more groups to follow in the near future. Following up on that promise, Twitter account @ransomleaks confirmed the addition of the leaked Brunner data obtained by RagnarLocker. RagnarLocker threat actors were previously hosting stolen data through the cloud storage provider MEGA, potentially leaving it vulnerable to removal.
Analyst Notes
If the Maze group is to be believed, we may begin to see more than just LockBit and RagnarLocker sharing their data soon. After starting the trend, Maze is now lowering the barrier to entry for other groups to follow suit by sharing their own platform. Many ransomware attacks could be prevented through a combination of email gateway monitoring, implementing multi-factor authentication for all remote access, and security education focused on phishing attacks. Organizations should also deploy an endpoint monitoring solution to monitor for suspicious actions taken by malicious actors, to catch attacks even if an employee is tricked into running malware. Managed security services such as the Binary Defense Security Operations Center (SOC) can provide 24/7 monitoring to quickly detect, contain and alert security teams to threats before they have the chance to spread throughout the network.
Source: https://twitter.com/ransomleaks/status/1270123288812011520
https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-to-form-extortion-cartel/
