The new tactic was first adopted in December 2019 by the operators to publish online a portion of the 120 GB of data stolen from Southwire company.
The site was taken down after Southwire had filed a lawsuit against the operators in the Northern District of Georgia.
The operators of Maze ransomware are back to publicly shame the organizations who declined to ransom demands. This new tactic was first adopted in December 2019 by the operators to publish online a portion of the 120 GB of data stolen from Southwire company.
Where has the data been released?
In December 2019, the stolen data from Southwire was published on the http[:]//mazenews[.]top/ website which was hosted at an ISP in Ireland. The site was taken down after Southwire had filed a lawsuit against the operators in the Northern District of Georgia.
However, this did not stop the malicious plans of the threat actors and a new ‘mazenews’ website was back on the internet with the ISP hosted out of Singapore via Alibaba. This time, the attackers had released an additional 14.1 GB of stolen files from Southwire on the new website.
Which are the impacted companies?
The latest website backed by Maze operators lists the companies that have allegedly been compromised and did not cooperate with ransom demands.
On the site, the Maze states: "Represented here companies do not wish to cooperate with us and trying to hide our successful attack on their resources. Wait for their databases and private papers here. Follow the news!"
The victim companies listed so far are Southwire, RBC, THEONE, Vernay, Bakerwotring, BILTON, Grecco Auto, Groupe Igrec, Mitch Co International, Einhell, CONTINENTALNH3, and Groupe Europe Handling SAS. The city of Pensacola is also included in the list ..
Support the originator by clicking the read the rest link below.
