Soon after the recent FBI flash alert warning organizations in the U.S. about Maze ransomware, the hacking group followed through on threats to publicly release stolen data after a failure to pay.
As Paubox reported January 10, 2020, the Maze group differs from common encrypt-only ransomware hackers in its "pay-or-we-will-leak-your-data" approach.
The Maze hacking group is the first known to publicly release stolen data, in an act of data shaming, after an organization refuses to pay a ransom. The threat groups behind REvil (Sodinokibi) and DoppelPaymer quickly followed the Maze group’s methods: exfiltrate data before encrypting and demanding a ransom; if not paid, expose snippets until they receive a payoff. They, no doubt, will not be the last.
Maze targeted and exposed The City of Pensacola and Southwire late last year. Apparently, the group has its sights set on the healthcare industry. Officials have yet to release a public report naming affected organizations, though the Maze group’s personal list of compiled victims includes 29 targets that have yet to pay. Known healthcare organizations include Stockdale Radiology and Sunset Radiology.
The largest is New Jersey’s Medical Diagnostics Laboratories, LLC (MDLabs), which had 100 GB of data stolen then encrypted in December 2019 for a ransom of 200 Bitcoins. After MDLabs refused to pay, the Maze group published 9.5 GB of its data, putting the stolen information up for sale. MDLabs has yet to publicly respond.
The uptick in ransomware is disconcerting in itself but becomes alarming with added data stealing and shaming. Healthcare organizations must be more transparent about breaches, unlike MDLabs, and work further at HIPAA compliance.
Relying solely on data backup is not best practice; cybersecurity must be proactive to combat such bold and sophisticated attacks, especially as the trend of data shaming is likely to stay and escalate.