The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.
The Maze ransomware also implements data harvesting capabilities, operators are threatening to release the data for all those victims who refuse to pay the ransom.
The operators behind the Maze ransomware have set up a website where they have published the list names of eight companies that allegedly refused to pay the ransom.
“To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.” reads a post published by the popular investigator Brian Krebs.
“Less than 48 hours ago, the
The website includes data related to the infection, including the date of the attack, some stolen documents (Office, text and PDF files), the size of stolen data, and the list of IP addresses and machine names of the infected servers.
“Represented here companies
This move is shocking and brings the ransomware attack to a higher level of threat, we can expect that other cybercrime gangs will adopt a similar strategy to blackmail the victims and force them to pay the ransom.
In November 2019, a new threat actor tracked as TA2101 launched malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy.
Once the user opened the attachment and enabled the macros, the malicious code will install the Cobalt Strike pentesting tool or the Maze Ransomware on the victim’s computer.
The threat actors also targeted IT support companies to compromise their MSP and use it to deliver the Maze Ransomware to its clients.