LockBit, Qilin & DragonForce Join Forces in Ransomware ‘Cartel’ www.darkreading.com/cyberatta…

Security vendor ReliaQuest today published its “Ransomware and Cyber Extortion in Q3 2025” threat intelligence report.

Three of the bigger names in ransomware and data extortion [LockBit, Qilin, DragonForce] recently announced that they’re making a cartel-style play, though it’s unclear what kind of impact that will have.

For all three groups, ReliaQuest posited the collaboration could facilitate technique, resource, and infrastructure sharing in order to strengthen each operation’s individual capabilities. “Similar partnerships have proven transformative in the past — such as in 2020, when LockBit joined forces with the Maze ransomware group. That collaboration introduced double extortion tactics, combining system encryption with data theft to heighten pressure on victims, and used Maze’s data-leak site to amplify impact,” researchers said.

For defenders and organizations, the primary concern is whether a new coalition by three of the larger ransomware operations will result in attacker innovations in the vein of double-extortion attacks.