Ransomware attacks can be highly harmful, with multiple consequences for victims. Besides being one of the most common attack variants, ransomware evolves constantly, making it today’s main cybersecurity threat.
Among the hundreds of new attacks reported daily, one campaign stands out: hackers threaten to expose victims' confidential files if they don’t pay the ransom. According to the specialized platform KrebsOnSecurity, a hacking group has even put online a website with information about some companies that decided not to pay the ransom and to recover their files without negotiating with the criminals.
The cybersecurity community has identified the malware in question as “Maze Ransomware”, allegedly the variant used in the recent cyberattack against the city of Pensacola, Florida, which forced the temporary shutdown of some local government computer systems. The hackers responsible for the attack demanded a ransom of $1 million USD, which the city of Pensacola reportedly refused to pay.
As already mentioned, the hackers created a website to publish information from organizations that have refused to pay the ransom, which any user can consult. The exposed information includes details such as:
of the attack
Microsoft Office files
of some computers connected to corporate networks
In addition, the hackers placed a threatening message on this website: “The companies exposed here decided not to cooperate with us and tried to hide our attacks. Their private databases and documents will soon be published here,” the threat actors say.
Brian Krebs, director of the KrebsOnSecurity platform, claims that at least one major company in the US has already been infected with the Maze ransomware, although the attack has not been publicly
Cybersecurity experts say similar methods had already been used on previous occasions. After the Sodinokibi ransomware appeared, attackers began threatening victims with the disclosure of their stolen files and data if they refused to negotiate a payment.
Various cybersecurity firms claim that Sodinokibi has been one of the most profitable ransomware variants for its developers since its emergence, which leads authorities to assume that extorting the companies victimized by this malware works well for hackers. In one unusual case, a group of hackers that infected thousands of devices with this malware variant generated more than $280k USD in just one weekend.
Researchers from the International Institute of Cyber Security (IICS) claim that at least 40 hacker groups are linked to the use of this malware variant, ensuring its developers a steady stream of revenue from each attack that involves the Sodinokibi ransomware. Experts do not rule out that this malware variant is related to the recent attack on computer systems in New Orleans, Louisiana, US.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching new malware and cyber security incidents. He also has deep knowledge of mobile security and mobile vulnerabilities.