Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security United States Technology

Maze Ransomware Was Behind Pensacola 'Cyber Event,' Florida Officials Say (arstechnica.com) 5

An anonymous reader quotes a report from Ars Technica: An email sent by the Florida Department of Law Enforcement to all Florida county commissioners indicated that the ransomware that struck the city of Pensacola on December 7 was the same malware used in an attack against the private security firm Allied Universal, according to a report by the Pensacola News Journal. That malware has been identified elsewhere as Maze, a form of ransomware that has also been distributed via spam email campaigns in Italy.

Bleeping Computer's Lawrence Abrams reported in November that the Maze operators had contacted him after the Allied Universal attack, claiming to have stolen files from the company before encrypting them on the victims' computers. After Allied apparently missed the deadline for payment of the ransom on the files, the ransomware operators published 700 megabytes of files from Allied and demanded 300 Bitcoins (approximately $2.3 million) to decrypt the network. The Maze operators told Abrams that they always steal victims' files to use as further leverage to get them to pay: "It is just a logic. If we disclose it who will believe us? It is not in our interest, it will be silly to disclose as we gain nothing from it. We also delete data because it is not really interesting. We are neither espionage group nor any other type of APT, the data is not interesting for us."
"The use of the data to blackmail the victim, and in Allied's case, the threat to use Allied's certificates and domain name to spam customers with additional ransomware attacks, is something new," writes Sean Gallagher.

"This is the first time this has ever happened, as far as we know," said Brett Callow, a spokesperson for the antivirus software vendor Emisoft. "Ransomware groups usually encrypt, not steal. We expect data exfiltration to become more and more commonplace. Whether Pensacola's data was exfiltrated, I obviously can't say."
This discussion has been archived. No new comments can be posted.

Maze Ransomware Was Behind Pensacola 'Cyber Event,' Florida Officials Say

Comments Filter:
  • Lost his thumb drive.
  • It depends on where your attacker is located. If the hacker is from Asia, they are looking to steal intellectual property, ideas, business plans, anything to get ahead in R&D or investments. Asian attackers deploy encryption / ransomware to cover their tracks when they're found or when they're done.. Which means if you pay, there's a good chance you won't get anything back, since it's really not about the ransom. Russians however are all about the business. It's about making profit off the event, t
  • That malware has been identified elsewhere as Maze, a form of ransomware that has also been distributed via spam email campaigns in Italy.”

    ‘users in Italy are being targeted with spam emails .. These emails .. contain a word document called "VERDI.doc" .. If the user enables the content, an embedded macro will be executed that downloads the ransomware to C:\Windows [bleepingcomputer.com]\Temp\wupd12.14.tmp file and executes it.’

Time is the most valuable thing a man can spend. -- Theophrastus

Working...