Among the nastiest of tools on a cybercriminal's tool belt is ransomware, which blocks access to a user's files until a ransom is paid. Once installed on a user's computer, ransomware will prevent the user from accessing their files, then displays a message demanding payment, or else the user's files will be destroyed or made public. This technique is very lucrative for cybercriminals, as many victims of this attack reluctantly pay to recover their data. 

This sort of attack, however, requires a skilled hacker. Infecting a high-value target with ransomware certainly is not trivial, nor is there a single way to do it. Furthermore, as authorities crack down on cybercrime, and security teams patch exploits and vulnerabilities, a successful hacker has to stay ahead of these obstacles. It makes a lot of sense for CyberGangs to collaborate and form a cartel. They can exchange tools and techniques to combine forces to become a more powerful cybercriminal enterprise. 

In May 2020, members of the Maze CyberGang recruited the help of the attackers behind RagnarLocker, SunCrypt, LockBit and Conti/Ryuk ransomware to form a cartel. This union poses a significant danger to potential victims of ransomware, but security researchers do not believe the cartel picked up traction. Chief Security Strategist at Analyst1, Jon DiMaggio, published an analysis of the cartel's activities, which concluded that while these gangs collaborated, they did not exchange funds and so operations as a cartel have dwindled. 

Analyst1 was able to use the Constella Intelligence Hunter platform to track cryptocurrency payments surrounding this attackers' activities. A cyber cartel would pose a more significant danger, as they have access to larger financial resources. However, Analyst1 has determined that these groups have not combined finances. Researchers speculate the gangs created the cartel as a front to appear more threatening.