Roughly a month after the FBI advised U.S. companies to protect themselves against a pernicious strain of ransomware, hackers have continued to attack victims and threaten to publicize their private information.
A hacking group deploying Maze ransomware has used a network of websites to publicly identify organizations it claimed to have hacked, and which of them refused to pay a ransom.
In one recent note, the group said it would release confidential data if three small law firms based in South Dakota didn’t meet its demands. While it remains unclear if the Maze group has made any information public in this case, this incident is only the latest example of scammers promising to publish data, rather than leaving it encrypted or deleting it outright.
A French government cybersecurity agency on Wednesday published a Maze alert suggesting TA-2101, a hacker group which previously targeted German government agencies and U.S. tax professionals, was behind a spate of recent ransomware attacks.
At the end of December, the FBI issued a private sector bulletin warning that Maze hackers were impersonating government agencies, well-known security vendors and other seemingly trustworthy organizations to infiltrate victim networks. Maze emerged as a serious issue for U.S. organizations in November, the FBI said, becoming the latest in a long line of ransomware strains to torment companies and government bodies.
Since then, Maze attackers have breached a number of medical providers throughout the U.S. In one case, hackers demanded the equivalent of $832,880 from a New Jersey laboratory company to unlock stolen files, and an additional payment of $832,880 to delete that data, according to Health IT Security. During that process, Maze published 9.5 GB of information belonging to the company.
In December, Georgia-based cable and wire manufacturer Southwire filed a lawsuit against unnamed Maze hackers, which forced the takedown of a website that Maze used to distribute hacked information. The site, a variation on the name “mazenews,” disappeared, though victims’ relief would have been short-lived, as other sites, hosted on servers outside U.S. jurisdiction in China and Singapore, surfaced within days.