Maze developers no longer rely solely on encrypting data; they also copy it from the infected systems. To increase the pressure on their victims, they then threaten to publish sensitive documents in underground forums or on specially created public shaming websites.
Tapping data also gives the gangs the opportunity to contact corporate customers directly. This is what happened recently in a ransomware attack. If all extortion attempts fail, the gangs can still sell the data in underground forums or misuse it for phishing attacks aimed at spreading their own malware.
Public Shaming In Cooperation
Some gangs are currently expanding existing public shaming and sales strategies: security researchers report that the Maze gang has opened its public shaming website to other groups, who also publish their copied data there. There is also news from the blackmail crew around REvil, which is auctioning off sensitive data, including data from celebrities, on its own website.
Maze therefore published data on the gang's own leak website. The group confirmed the cooperation and also announced that it wanted to share its platform in the ransomware business with another group. It regards other gangs not as competitors, but as partners. The gang did not want to answer the question of whether Maze would also benefit financially from the cooperation, for example in the form of a share of the ransoms paid.
Company Secrets Under The Hammer
A few weeks ago, the REvil gang successfully attacked a law firm. It subsequently demanded almost 50 million dollars for the copied celebrity data, without success. However, this could at least partially be a bluff: the gang had already announced that confidential Madonna data would be auctioned at the end of May, but the auction never took place. The gang also claims to have compromising information about the US president.