Malware

Ransomware variant threatens to expose victims’ personal & business details if they don’t pay the hackers

Ransomware attacks can be highly harmful, as they generate multiple consequences for victims. In addition to being one of the most common attack variants, ransomware is constantly evolving, making it today’s main cybersecurity threat.

Among the hundreds of new attacks reported daily, one campaign stands out: hackers threaten to expose victims’ confidential files if they don’t pay the ransom. According to the specialized platform KrebsOnSecurity, a hacking group has even put online a website with information about some companies that decided not to pay the ransom and to recover their files without negotiating with the criminals.

The malware in question has been identified by the cybersecurity community as “Maze Ransomware”, and is allegedly the variant used in the recent cyberattack against the city of Pensacola, Florida, which forced the temporary shutdown of some local government computer systems. The hackers responsible for the attack demanded a ransom of $1 million USD, which the city of Pensacola reportedly refused to pay.

As already mentioned, the hackers created a website to publish information from organizations that have refused to pay the ransom, which any user can consult. Among the exposed information are details such as:

  • Date of the attack
  • Stolen Microsoft Office files
  • IP addresses
  • Names of some computers connected to corporate networks

In addition, the hackers placed a threatening message on this website: “The companies exposed here decided not to cooperate with us and tried to hide our attacks. Their private databases and documents will soon be published here.”

Brian Krebs, director of the KrebsOnSecurity platform, claims that at least one major company in the US has already been infected with the Maze ransomware, although the attack has not been publicly disclosed.

Cybersecurity experts say that similar methods have already been used on previous occasions. After the appearance of the Sodinokibi ransomware, the attackers began threatening to reveal victims’ stolen files and data if they refused to negotiate a payment.

Various cybersecurity firms claim that Sodinokibi has been one of the most profitable ransomware variants for its developers since its emergence, which leads authorities to assume that extortion against the companies victimized by this malware works well for hackers. In one unusual case, a group of hackers that infected thousands of devices with this malware variant generated more than $280k USD in just one weekend.

Researchers from the International Institute of Cyber Security (IICS) claim that there are at least 40 hacker groups related to the use of this malware variant, ensuring its developers a steady stream of revenue from each attack that involves the Sodinokibi ransomware. Experts do not rule out that this malware variant is related to the recent attack on computer systems in New Orleans, Louisiana, US.
