

#cybersecurity | hacker | Maze ransomware publicly shaming victims into paying

Source: National Cyber Security – Produced By Gregory Evans

At least five law firms have been hit and held hostage by the Maze ransomware group in the last four days, with these attacks being part of a wider campaign possibly affecting between 45 and 180 total victims in January.

Maze is using a somewhat unique tactic with its latest victims. Instead of simply placing a ransom note on the infected system and waiting for payment, the gang places the company name on a website. If a payment is not forthcoming immediately it then places a small amount of the stolen data on the site as proof, reported Brett Callow, threat analyst with Emsisoft.

If payment is received the name is removed. The websites are hosted by two Chinese companies, one a Singapore-based division of Alibaba and the other by Tencent, although there is no indication these entities are involved in the ransomware

claim to have stolen data from at least five law firms – three in the last 24 hours alone – and, in two of the cases, a portion of the stolen data has already been posted online. The data, which includes client information, has been published on the clear web where it can be accessed by anybody with an internet connection,” Callow told SC Media.

Emsisoft has what it believes to be firm data that at least 45 companies were targeted by Maze in January, but Emsisoft believes this represents only about 25 percent of the total number of firms involved.

“My concern, as usual, is disclosure,” Callow said discussing the chart below. “It’s submissions we’ve had for Maze (each one represents an actual incident) and we’d estimate it represents only about 25% of the total number. In other words, there’re a lot more submissions than there are companies listed on the website – which means they pay before being listed.”

Source: Emsisoft

The group has also placed the stolen content on dark forums with instructions telling malicious actors to “Use this information in any nefarious ways that you want.”

differentiating factor is Maze attempts to fully monetize its criminal endeavor by demanding $1 million to decrypt the data and then another $1 million to delete the stolen information, although Callow noted “it seems highly unlikely that a criminal enterprise would actually delete that it may be able to monetize at a later date.”

Maze has targeted several high-profile entities within the last few months, including Allied Universal, Southwire and the city of Pensacola. It also recently struck the Canadian firm Bird Construction, which holds several military contracts, and exposed some of the stolen data from Bird subcontractor Suncor and the PII on a few Bird employees, including names, home addresses, phone numbers, banking info., social insurance numbers, tax forms, health numbers, drug and alcohol test results.


#infosec | MAZE Relaunches “Name and Shame” Website

A threat group has once again taken to the internet to publish data stolen from alleged victims who refuse to cooperate with its ransom demands. In December 2019, the MAZE ransomware group published online a portion of the 120 GB of data they claimed to have stolen […]

#cybersecurity | hacker | Maze ransomware possibly behind Southwire attack

Wire and cable manufacturer Southwire is in the recovery phase from a ransomware attack that struck on December 9 knocking a large portion of the company offline. Published reports state Maze ransomware was the weapon of choice and that the attackers demanded an 850 bitcoin, about […]

#cybersecurity | #hackerspace | Maze Ransomware Exploiting Exploit Kits

Cybercrime has never been one to hem in tactics with ideology or rules. Rather, malware operators are known to use what works and then modify code to continue to work. By “work,” we mean that the code does what it is supposed to; for information stealers, […]