The group behind Maze Ransomware has started a trend of publishing data and files from victims unwilling to pay ransom demands
After victims of a ransomware attack refused to pay up, the hackers behind Maze Ransomware published almost 700 MBs of data and files taken from security staffing firm Allied Universal. According to published reports, this was only 10% of the files stolen, and the hackers have threatened to release more data if the ransom payment is not made.
This case marks a change in the world of ransomware: victims now need to be concerned not only about recovering encrypted files, but also about what can happen if stolen files are leaked to the public.
“Allied Universal is aware of a situation that may involve unauthorized access to our systems. We take any situation of this nature very seriously. This incident is being thoroughly investigated by Allied Universal IT experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate any potential impact. We also have engaged outside cybersecurity experts to re-verify our system’s security. Keeping our company data safe and that of our customers and employees is of paramount importance,” Allied Universal said.
Maze ransomware is a ransomware strain that has been active for some time, but incidents involving Maze ransomware have increased since May of 2019.
The bad actors behind Maze ransomware continue to have access to the company’s servers and have shared a list of file names associated with TLS and email signing certificates.
They further warned that if Allied Universal did not pay, they would initiate a spam campaign using Allied’s domain name and email certificates.
After several attempts at negotiation, talks between Maze ransomware and Allied Universal hit an impasse.
Maze ransomware releases stolen Allied files
A link was then publicly released to 7-zip archives containing files related to termination agreements, contracts, medical records, server directory listings, encryption certificates, and exported lists of users from the company's Active Directory servers.
So What Happens Next?
While many ransomware developers have threatened to release data if a ransom was not paid, this is the first known instance of it actually happening in such a visible manner.
Threat actors globally are escalating their attacks to public disclosure of confidential and sensitive files, and victims need to weigh the cost of paying ransoms versus the potential costs of sensitive information or trade secrets being released to the public.
These attacks may lead to an escalated cost of dealing with breach notifications, hiring data breach lawyers, and any subsequent lawsuits that may follow.