Maze Ransomware operators threaten victims to publish their data online

The victims of the Maze Ransomware now face another threat because operators behind the malware could publish their data online.

The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.

The Maze ransomware also implements data harvesting capabilities, operators are threatening to release the data for all those victims who refuse to pay the ransom.

The operators behind the Maze ransomware have set up a website where they have published the list names of eight companies that allegedly refused to pay the ransom.

“To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.” reads a post published by the popular investigator Brian Krebs.

“Less than 48 hours ago, the cybercriminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.“

The website includes data related to the infection, including the date of the attack, some stolen documents (Office, text and PDF files), the size of stolen data, and the list of IP addresses and machine names of the infected servers.

“Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!” reads the message published by Maze operators on the website.

This move is shocking and brings the ransomware attack to a higher level of threat, we can expect that other cybercrime gangs will adopt a similar strategy to blackmail the victims and force them to pay the ransom.

In November 2019, a new threat actor tracked as TA2101 launched malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy.

Once the user opened the attachment and enabled the macros, the malicious code will install the Cobalt Strike pentesting tool or the Maze Ransomware on the victim’s computer.

The threat actors also targeted IT support companies to compromise their MSP and use it to deliver the Maze Ransomware to its clients.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Maze ransomware, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.