Just a few days ago hackers behind launching the Maze Ransomware have taken the responsibility for the attack which affected the City of Pensacola in Florida and demanded a $10,00,000 ransom for a decryptor. But now the hackers published a victim list which includes eight names of companies.
The operators of the ransomware stated that they were responsible for encrypting the city's data and have demanded a $10,00,000 ransom for a decryptor. They shared documents which were stolen from the city but did not state if they have given a deadline to Pensacola or will release them. As per Emsisoft, it is the first ransomware incident in which data was exfiltrated as well as encrypted.
Emsisoft told IBTimes Singapore that the information, stolen from Allied Universal, a California-based security company that has over 200,000 employees, included the email address or other information about the city's employees, which may not be unlikely given that Allied has an office in Pensacola - the Maze group would have been able to use that information to launch a phishing/spear-phishing campaign against the city.
They also mentioned that alternatively, if Allied provided security services to the city, it's possible that an Allied employee may have connected a device to the network and spread the malware that way.
Maze targets companies
After attacking Pensacola, the organizers behind the Maze ransomware attackers have recently made a list of their next victims and shared the names on the website. It says, "Represented here companies don't wish to cooperate with us and trying to hide our successful attack on their resources. Wait for their databases and private papers here. Follow the news!"
Check out the names here:
An Emsisoft spokesperson, Brett Callow told IBTimes Singapore, "This is a concerning development and, as we stated in our recently-released report, we consider the threat level to now be extreme. Every ransomware incident now has the potential to be a data breach, and so prevention and detection are more important than ever. We expect ransomware groups to continue using stolen data as leverage at least into early 2020. Whether the approach continues in the longer term depends on whether it's proved to be more successful than encryption-only attacks."