Five law firms have been hit by a notorious ransomware group known as Maze – three within the last 72 hours alone. It is highly likely Maze will target more law firms in the days and weeks ahead. While only U.S. firms have so far been hit, firms in other countries are equally at risk.
In staying true to Maze’s typical modus operandi, the cybergang didn’t simply encrypt the law firms’ data – they also stole it.
Maze – the same group responsible for the attacks on the City of Pensacola, Allied Universal, Southwire and many others – typically uses exfiltrated data as added leverage in ransomware attacks. Maze initially names its victims and, if that is not sufficient to extract payment, publishes a small portion of their data online. This simply serves as proof that they have the data and is the equivalent of a kidnapper sending a pinky finger. Should the ransom still not be paid, Maze posts the remainder of the data on its websites, sometimes on a staggered basis. Previously, Maze has also published stolen data in a Russian hacker forum with a note stating to “Use this information in any nefarious ways that you want.”
In regard to the recent attacks, Maze has already posted a portion of the data stolen from at least two of the firms, which includes client information.