Maze Cartel new members: Conti and SunCrypt

September 5, 2020
maze ransomware group cartel conti suncrypt malware trojan antimalware solutions

The notorious Maze Ransomware group, which consists of Lock bit, Maze, and Ragnar Locker, is growing as two more gangs joined, namely Conti and SunCrypt group. Last June, the Maze malware operators publicly announced their plan to create a Ransomware Cartel, which includes other cybercrime groups to team up and share hacking exploit resources as well as leaked data of their victims, which can be found in their web forums and page within the dark web.  

The SunCrypt operators had contacted security researchers confirming that they had joined the Maze Cartel. The Conti ransomware group that recently launched and published its own data leak website has reportedly begun working with the Maze ransomware group. Their collaboration was made known after leaking private leaked data from some of the previous Maze operator victims. Both Maze and Conti had published personal data from two similar victims of their recent cyber-attacks, and it is unclear which of the two ransomware groups is responsible for the attack. It appears that there may have been a collaboration between Conti and Maze based on the information found by a cybersecurity researcher. 

The ransomware group Conti was first discovered in June, followed by their recently launched data leak website.  

In a recent cyber-attack report, Conti operators have claimed and disclosed that they attacked and stole data from Volkswagen. The alleged leak disclosure was posted on their data leak site The Volkswagen Group had confirmed that only a single dealership that is based in Germany was affected by the ransomware group’s attack. Fortunately, there were unauthorized access attempts to Volkswagen’s IT Infrastructure, and the attack is isolated to the dealership branch. The involved unit had already taken measures to ensure the security of their system and its data. Furthermore, Volkswagen supported and aided the investigation and analysis of the attack.  

The expansion of the Maze ransomware group shows their increasing momentum along with their claims of responsibility for several high-profile attacks from recent months.


Earlier last August, a major cyber-attack on tech giant Canon was believed to be the result of the Maze Ransomware group’s cybercriminal activities 


Law Enforcement and partnership with the international community must be strengthened to combat these international cybercriminals. Putting these threat actors behind bars is a long shot. However, once done, it can send a strong message to the cyber community and, at the same time, help prevent cyberattacks in the future. 

About the author

Leave a Reply