Maze Ransomware Group Publicly Releases Stolen Data
by Rick Kuwahara, CMO of Paubox
Soon after the recent FBI flash alert warning organizations in the U.S. about Maze ransomware, the hacking group followed through on threats to publicly release stolen data after a failure to pay.
As Paubox reported January 10, 2020, the Maze group differs from common encrypt-only ransomware hackers in its “pay-or-we-will-leak-your-data” approach.
Maze group to organizations: pay or be data shamed
The Maze hacking group is the first known to publicly release stolen data, in an act of data shaming, after an organization refuses to pay a ransom.
The threat groups behind REvil (Sodinokibi) and DoppelPaymer quickly followed the Maze group’s methods: exfiltrate data before encrypting and demanding a ransom; if it is not paid, expose snippets until a payoff is received.
They, no doubt, will not be the last.
The City of Pensacola and Southwire were targeted and exposed by Maze late last year, and the group apparently has its sights set on the healthcare industry.
A public report naming affected organizations has yet to be released, though the Maze group’s own compiled list of victims includes 29 targets that have yet to pay.
Known healthcare organizations include Stockdale Radiology and Sunset Radiology.
The largest is New Jersey’s Medical Diagnostics Laboratories, LLC (MDLabs), which had 100 GB of data stolen and then encrypted in December 2019 for a ransom of 200 Bitcoins.
After MDLabs refused to pay, the Maze group published 9.5 GB of its data and released an ad to sell the stolen information to other threat actors; MDLabs has yet to publicly respond.
Refocus cybersecurity on detection and prevention
The uptick in ransomware over the past year is disconcerting in itself, but becomes alarming with the addition of data theft and shaming.
Healthcare organizations must be more transparent about breaches, unlike MDLabs, and work further at HIPAA compliance.
Relying solely on data backup is not best practice; cybersecurity must be proactive to combat such bold and sophisticated attacks, especially as the trend of data shaming is likely to stay and escalate.
Invest in solid cybersecurity layers such as up-to-date employee awareness training and Paubox Inbound Email Security to catch and stop ransomware attacks before they occur.