The hackers responsible for launching Maze Ransomware have claimed the responsibility for the attack which affected the City of Pensacola in Florida. As per the cybersecurity company Emsisoft, it is the first ransomware incident in which data was exfiltrated as well as being encrypted.

However, it should be noted that even though the cybercriminals behind the Maze Ransomware operation have taken responsibility, they denied having any affiliation with the recent shooting at NAS Pensacola.

Hackers behind Maze Ransomware

As reported by BleepingComputer, in an email the operators of the ransomware stated that they were responsible for encrypting the city's data and have demanded a $1000000 ransom for a decryptor. They shared documents which were stolen from the city but did not state if they have given a deadline to Pensacola or will release them.

Emsisoft told IBTimes Singapore that the information, which is stolen from Allied Universal, a California-based security company that has over 200,000 employees, included the email address or other information about the city's employees, which may not be unlikely given that Allied has an office in Pensacola - the Maze group would have been able to use that information to launch a phishing/spear-phishing campaign against the city.

They also mentioned that alternatively, if Allied provided security services to the city, it's possible that an Allied employee may have connected a device to the city's network and spread the malware that way. As per the experts from Emsisoft, it's certainly possible that the incidents could be connected.

"This is nothing more than speculation, of course. What it does demonstrate, however, is better reporting and information sharing are needed. A security incident at one organization can put other organizations at risk," it added.

ransomware
Reuters

Attack and recovery

The cybercriminals behind the attack also claimed that they intentionally avoided emergency services, or what they call 'socially significant services', such as 911. They also revealed that they don't target medical centres like hospitals and cancer centres as well as other socially vital objects, instead, they will provide a decrypt for free.

A Public Information Officer for the City of Pensacola Kaycee Lagarde stated that since the investigation is still going on they could not provide further details, but mentioned that the attacked city is slowly recovering and that their mail servers are back up and that most landlines have been restored.

"We are somewhat limited since we aren't able to use our computers or internet until these issues are resolved. Emergency dispatch and 911 services were not impacted and continue to operate. Our website at cityofpensacola.com and online permitting services at mygovernmentonline.org were not impacted and remain operational," Lagarde added.