The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.
The Maze ransomware also implements data harvesting capabilities, operators are threatening to release the data for all those victims who refuse to pay the ransom.
The operators behind the Maze ransomware have set up a website where they have published the list names of eight companies that allegedly refused to pay the ransom.
The website includes data related to the infection, including the date of the attack, some stolen documents (Office, text and PDF files), the size of stolen data, and the list of IP addresses and machine names of the infected servers.
In December, Maze ransomware operators have released 2GB of files that were allegedly stolen from the City of Pensacola during the recent attack.
According to BleepingComputer that first confirmed the involvement of the Maze ransomware in the attack against the City of Pensacola, crooks demanded a $1 million ransom to decrypt the victim’s files.
The Maze operators released 2GB out of 32GB of files that they claim to have stolen during the attack on the city network.
The gang has now released an additional 14GB of files that they claim were stolen from one of its victims, the Southwire cable manufacturer.
The attack against the company took place in December, the hackers infected 878 systems on the company network and stole 120GB of files.
The Maze gang demanded $6 million worth of bitcoins to avoid the leak of Southwire’s stolen files, but the company refused to pay the ransom.
Then Maze operators uploaded some of the company’s files to its web site.
Southwire filed a lawsuit against Maze in Georgia courts for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid.
The company asked the web hosting provider who was hosting the Maze site to shut down it.
The Maze operators released an additional 14.1GB of stolen files belonging to Southwire on a Russian hacking forum and announced that they plan to release 10% of the data every week unless the ransom is paid.
“But now our website is back but not only that. Because of southwire actions, we will now start sharing their private information with you, this only 10% of their information and we will publish the next 10% of the information each week until they agree to negotiate. Use this information in any nefarious ways that you want”, states the post published by the Maze operators.
At this point, Southwire executives need to evaluate is it is better to pay the ransom to avoid to sustain greater costs for data being exposed.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Maze ransomware, cybercrime)
[adrotate banner=”5″]
[adrotate banner=”13″]
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.