Ransomware cartel never reached potential, but future efforts may succeed

FBI’s cyber division personnel in front of a computer screen. In late 2020 and 2021 law enforcement scored a series of victories against cybercriminal actors, shutting down certain operations, seizing assets and/or making arrests related to Egregor ransomware, NetWalker RaaS and the Emotet botnet. (FBI)

Counter to initial fears, researchers say the ransomware cartel formed by the Maze cybergang starting in May 2020 never hit its stride.


Indeed, experts who spoke with SC Media said they doubt enough incentive currently exists for competing threat actors to overcome the inherent challenges in working collaboratively and developing a revenue-sharing model. If they were ever able to form an effective alliance, however, the resulting cooperative could present a significant danger to victims as its members evolve their skills and weapons.


A new research report published Wednesday, authored by Analyst1 Chief Security Strategist Jon DiMaggio, provided the findings of a months-long study of criminal marketplaces and crypto transactions as a means of tracking the cartel. At various times, the cartel included the operators of Maze, RagnarLocker, SunCrypt, LockBit and Conti/Ryuk ransomware.


Following the investigation, Analyst1 researchers concluded that they did not see any substantial evidence of cartel members sharing or splitting each other's profits. For that reason, they believe the partnership between cartel members was somewhat overhyped.


“Profit-sharing is the primary element missing in the coalition of ransomware attackers discussed,” DiMaggio wrote. “Cartels are dangerous due to the large financial resources that profit-sharing provides.”


Other experts familiar with the ransomware scene shared similar observations ..