Maze ransomware gang demands payoff from wrong company

The Maze ransomware gang has screwed up by targeting a New York design and construction firm instead of the Canadian Standards Association it was intending to hit.


While Google returns plenty of hits for the search term "csa group", almost all of which refer to Canada's answer to the British Standards Institute, there is one exception: an architectural practice located in New York.


It happens to share a name and – almost – a web domain name with its northerly namesakes, being online at csagroup-dot-com. The Canadian standards folk, however, have the domain csagroup-dot-org. And just like that, the New Yorkers got caught in the ransomware crossfire when the Maze gang began hunting for their next target.


Maze's modus operandi is to infect the target company's network with ransomware, exfiltrate and encrypt everything within sight, then demand a hefty ransom in return for a promise to decrypt and delete the data, along with a promise not to reveal the stolen data to others. If companies don't pay up, the gang begins drip-feeding data online to increase the pressure on them.


Brett Callow, a threat researcher with infosec biz Emsisoft, spotted the Maze gang's howler after inspecting data they dumped online to try to menace CSA Group Canada into paying up. He told The Register: "This is not the first time ransomware cockwombles have cocked up. In a previous incident, DoppelPaymer incorrectly identified a bank after hitting another bank with a very similar name. But at least they had the decency to post an apology to the wrongly named financial institution."

