While anal ing the data, e found some o erlaps bet een the ictims, hose data appeared in the leaks’ ebsites of more than one ransom are strain. These åfndings correlate ith the reports about ransom are gangs teaming up to form ransom are “s ndicates” or “cartels”, published in mid-2020. According to the reports, the Ma e ransom are gang formed a cartel to e tort ictims through a shared data leak platform. Ma e as detected adding to their leak site, data that as e åfltrated from a ictim of the LockBit ransom are. At the time, Ma e operators purportedl conåfrmed this collaboration and stated the ill be joining forces ith additional ransomware gangs. 10 It is possible that other such ransomware gangs “s ndicates” ha e been formed, alongside the Ma e cartel. + 5 ictims ha e been targeted b multiple ransom are groups + Conti is present in 4 out of the 5 o erlapping attacks + Th ssenKrupp is the most targeted ictim, being attacked b 3 ransom are groups https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-to-form-extortion-cartel/ 10. 2.2 OVERLAPPING VICTIMS + Conti + Mount Locker + NetWalker Th ssenKrupp ST Engineering Laboratoires Expanscience Ventura Orthopedics VUTEQ + Conti + Ma e + Conti + Ma e + Conti + DoppelPaymer + Ma e + Ragnar Victim’s name Ransomware group 10 | The Ransomware Landscape