Login

Register

Login

Register

#cybersecurity | hacker | Maze ransomware publicly shaming victims into paying


At least
five law firms have been hit and held hostage by the Maze ransomware group in
the last four days with these attacks being part of a wider campaign possibly
affecting between 45 and 180 total victims in January.

Maze is
using a somewhat unique tactic with its latest victims. Instead of simply
placing a ransom note on the infected system and waiting for payment, the gang places
the company name on a website. If a payment is not forthcoming immediately it
then places a small amount of the stolen data on the site as proof, reported Brett
Callow, threat analyst with Emsisoft.

If payment
is received the name is removed. The websites are hosted by two Chinese
companies, one a Singapore-based division of Alibaba and the other by Tencent,
although there is no indication these entities are involved in the ransomware
scheme.

“Hackers
claim to have stolen data from at least five law firms – three in the last 24
hours alone – and, in two of the cases, a portion of the stolen data has
already been posted online. The data, which includes client information, has
been published on the clear web where it can be accessed by anybody with an
internet connection,” Callow told SC Media.

Emsisoft has
what it believes to be firm data that at least 45 companies were targeted by
Maze in January, but Emsisoft believes this represents only about 25 percent of
the total number of firms involved.

“My concern, as usual, is disclosure,” Callow said discussing the chart below. “It’s submissions we’ve had for Maze (each one represents an actual incident) and we’d estimate it represents only about 25% of the total number. In other words, there’re a lot more submissions than there are companies listed on the website – which means they pay before being listed.”

Source: Emsisoft

The group
has also placed the stolen content on dark forums with instructions telling malicious
actors to “Use this information in any nefarious ways that you want.”

Another
differentiating factor is Maze attempts to fully monetize its criminal endeavor
by demanding $1 million to decrypt the data and then another $1 million to delete
the stolen information, although Callow noted “it seems highly unlikely that a
criminal enterprise would actually delete that it may be able to monetize at a
later date.”

Maze has targeted several high-profile entities within the last few months, including Allied Universal, Southwire and the city of Pensacola. It also recently struck the Canadian firm Bird Construction, which holds several military contracts, and exposed some of the stolen data from Bird subcontractor Suncor and the PII on a few Bird employees, including names, home addresses, phone numbers, banking info., social insurance numbers, tax forms, health numbers, drug and alcohol test results.



Original Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


Ads

NATIONAL CYBER SECURITY RADIO

Ads

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW