• January 25, 2022

Maze ransomware operators once again use a public website to publish a list of victim organizations

  • The new tactic was first adopted in Dec 2019 by the operators to publish online some of the 120 GB of data taken from the Southwire organization.
  • The website was taken down after Southwire filed a lawsuit against the operators in the Northern District of Georgia.

The operators of Maze ransomware are back to publicly shame the organizations that declined their ransom demands. This strategy was first used in Dec 2019 by the operators to publish online some of the 120 GB of data taken from the Southwire organization.

Where has the data been released?

In Dec 2019, the stolen data from Southwire was posted on the http[:]//mazenews[.]best/ website, which was hosted at an ISP in Ireland. The site was taken down after Southwire filed a lawsuit against the operators in the Northern District of Georgia.

However, this did not stop the threat actors, and a new ‘mazenews’ website came back online, hosted out of Singapore through Alibaba. This time, the attackers released another 14.1 GB of files taken from Southwire on the new website.

Which companies are affected?

The most recent website run by the Maze operators lists the companies that have allegedly been compromised and did not cooperate with ransom demands.

On the webpage, the Maze operators state: “Represented here companies usually do not desire to cooperate around and to try to cover our successful attack on the resources. We await their directories and private documents here. Follow the news headlines!”

The victim companies listed so far are Southwire, RBC, THEONE, Vernay, Bakerwotring, BILTON, Grecco Auto, Groupe Igrec, Mitch Co International, Einhell, CONTINENTALNH3, and Groupe Europe Handling SAS. The City of Pensacola is also on the list, along with American tax advisory company BST & Co. and lab testing service MDL.

The operators have also published details of some stolen documents belonging to Einhell, Fratelli Beretta, Crossroadsnet, MDL, BST & Co, SAXBST, and Auteuil Tour Eiffel.

Sodinokibi operators follow the same path.

The operators behind the Sodinokibi ransomware have, for the first time, released files stolen from one of their victims because a ransom was not paid in time. The affected victim is Artech Info Systems, and the threat actors have published links to around 337MB of its stolen data on a Russian hacker and malware forum.

Conclusion

This practice of using stolen data as leverage won’t go away any time soon and is getting worse. Experts expect that even more ransomware operators will soon start to use this method as part of their attacks.
