Maze ransomware was behind Pensacola “cyber event,” Florida officials say
Enlarge / Pensacola was hit by Maze ransomware, which has apparently stolen data before encrypting it in other cases. (credit: Paul Harris / Getty Images)
An email sent by the Florida Department of Law Enforcement to all Florida county commissioners indicated that the ransomware that struck the city of Pensacola on December 7 was the same malware used in an attack against the private security firm Allied Universal, according to a report by the Pensacola News Journal. That malware has been identified elsewhere as Maze, a form of ransomware that has also been distributed via spam email campaigns in Italy.
Bleeping Computer's Lawrence Abrams reported in November that the Maze operators had contacted him after the Allied Universal attack, claiming to have stolen files from the company before encrypting them on the victims' computers. After Allied apparently missed the deadline for payment of the ransom on the files, the ransomware operators published 700 megabytes of files from Allied and demanded 300 Bitcoins (approximately $2.3 million) to decrypt the network. The Maze operators told Abrams that they always steal victims' files to use as further leverage to get them to pay:
It is just a logic. If we disclose it who will believe us? It is not in our interest, it will be silly to disclose as we gain nothing from it. We also delete data because it is not really interesting. We are neither espionage group nor any other type of APT, the data is not interesting for us.
Stealing data as proof of compromise—and to therefore encourage payment by ransomware victims—is rare but not new. The RobbinHood ransomware operator that attacked Baltimore City in May also stole files as part of the attack and posted screenshots of some files—faxed documents sent to Baltimore City Hall's fax server—on a Twitter account to encourage city officials to pay. Baltimore did not pay the ransom.
Comments
Post a Comment