Warning to Law Firms: A Ransomware Group Is Stealing Data and Posting It Online

Five law firms have been hit by a notorious ransomware group known as Maze – three within the last 72 hours alone. It is highly likely Maze will target more law firms in the days and weeks ahead. While only U.S. firms have so been hit, firms in other countries are equally at risk.

In staying true to Maze’s typical modus operandi, the cybergang didn’t simply encrypt the law firms’ data – they also stole it.

Maze – the same group responsible for the attacks on the City of Pensacola, Allied Universal, Southwire and many others – typically uses exfiltrated data as added leverage in ransomware attacks. Maze initially names its victims and, if that is not sufficient to extract payment, publishes a small portion of their data online. This simply serves as proof that they have the data and is the equivalent of a kidnapper sending a pinky finger. Should the ransom still not be paid, Maze’s posts the remainder of the data on its websites, sometimes on a staggered basis. Previously, Maze has also published stolen data in a Russian hacker forum with a note stating to “Use this information in any nefarious ways that you want.” 

In regard to the recent attacks, Maze has already posted a portion of least two of the firms’ stolen data, which includes client information.  

Read more at Emsisoft

(Visited 265 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Tags:

Leave a Reply

Latest from Cybersecurity

Go to Top