[NEW RISK] The MAZE Ransomware Gang Outs Their Victims On A Public Web Site

In a continuing escalation of its extortion tactics, independent security researcher, Brian Krebs reported on Krebsonsecurity.com that the criminals behind the MAZE-RANSOMWAREMAZE Ransomware gang just created a publicly viewable web site listing 8 victims and a limited amount of selected data.

MAZE probably hopes that by increasing psychological extortion pressure they will squeeze current victims who are still undecided)  to pay up and they are using this club as a potential warning to warn future victims what could result from not paying particularly when data is exposed. Triggering legal and cost ramifications of reporting and mitigating what would be considered a data breach.  We recently discussed this topic in our blog post about REvil last week.

According to Brian, “less than 48 hours ago, the cybercriminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.

Krebs describes the information released publicly so far as “ initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in Gigabytes), as well as the IP addresses and machine names of the servers infected by Maze. “

It's worth noting that the type of information released so far is not very damaging to the victims, but the public web site makes it very clear that they *might* release much more confidential information.   

[“Represented here companies dont wish to cooperate with us and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!”]

“KrebsOnSecurity was able to verify that at least one of the companies listed on the site indeed recently suffered from a Maze ransomware infestation that has not yet been reported in the news media.”

While threats to leak data are not new it remains to be seen how effective an extortion tool this turns out to be and whether or not this new "threat experiment" will continue or be copied by other ransomware strains.   

KrebsonSecurity has the details.

Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Topics: Ransomware

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews