Maze Ransomware group publicly releases stolen data

Featured image

Share this article

White ransomware on red background with a locked harddrive in the forefront.

Soon after the recent FBI flash alert warning organizations in the U.S. about Maze ransomware, the hacking group followed through on threats to publicly release stolen data after a failure to pay.

As Paubox reported January 10, 2020, the Maze group differs from common encrypt-only ransomware hackers in its “pay-or-we-will-leak-your-data” approach.

Maze group to organizations: pay or be data shamed

The Maze hacking group is the first known to publicly release stolen data after an organization refuses to pay a ransom in an act of data shaming.

The threat groups behind REvil (Sodinokibi) and DoppelPaymer quickly followed the Maze group’s methods: exfiltrate data before encrypting and demanding a ransom; if not paid, expose snippets until they receive a payoff.

They, no doubt, will not be the last.

Maze targeted and exposed The City of Pensacola and Southwire late last year. Apparently, the group has its sights set on the healthcare industry.

Officials have yet to release a public report naming affected organizations though the Maze group’s personal list of compiled victims includes 29 targets that have yet to pay.

Known healthcare organizations include Stockdale Radiology and Sunset Radiology.

The largest is New Jersey’s Medical Diagnostics Laboratories, LLC (MDLabs) which had 100 GB of data stolen then encrypted in December 2019 for a ransom of 200 Bitcoins.

After refusing to pay, the Maze group published 9.5 GB of its data, putting the stolen information up for sale.

MDLabs has yet to publicly respond.

Refocus cybersecurity on detection and prevention

The uptick in ransomware is disconcerting in itself but becomes alarming with added data stealing and shaming.

Healthcare organizations must be more transparent about breaches, unlike MDLabs, and work further at HIPAA compliancy.

RELATED: HIPAA Compliant Email

Relying solely on data backup is not best practice; cybersecurity must be proactive to combat such bold and sophisticated attacks.

Especially as the trend of data shaming is likely to stay and escalate.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022