According to researchers with Sophos Managed Threat Response, the operators behind Maze ransomware have been adopting tactics from rival cybercrime organizations, adding a dangerous new feature. Maze ransomware can now distribute ransomware payloads through virtual machines. According to researchers, this is a “radical” approach that aims to avoid endpoint defense.
Maze ransomware operators have claimed responsibility for a breach against the South Korean multinational company LG Electronics. Maze claimed to have breached and locked the company’s networks to steal company proprietary information on projects involving US companies. Specific details on the breach have not been released yet. Maze typically published
Another ransomware group, Ragnar Locker, has partnered with Maze ransomware to use its data leak platform. Last week, it was discovered that LockBit ransomware had teamed up with the Maze operator. The massive data leak platform is used to extort victims whose files were stolen in a ransomware attack by
Conduent, a US-based multi-billion-dollar IT services firm, has reportedly become the latest Maze ransomware victim after the threat actor group used the Citrix vulnerability to compromise systems. The firm disclosed that its European operations were hit by an attack on May 29, and moved quickly to identify the ransomware and
According to researchers, sensitive and confidential documents have been obtained from Westech International, a US military nuclear missile contractor, after a cyberattack. Experts believe the cyberattack was likely the work of threat group Maze, a well-known and sophisticated group. Cyber-criminals were reportedly able to gain unauthorized access to Westech’s computer
Banco BCR, the state-owned Bank of Costa Rica, was reportedly hacked and 11 million credit card credentials were allegedly stolen. Hackers claimed to have gained access to the bank’s network in August of 2019, stating that they did not encrypt devices as the possible damage was too high. The
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert to government and commercial organizations about the Maze ransomware threat, which has been impacting organizations since October 2019. Included in the alert is a list of IP addresses, domain names, and file hashes that organizations can block in order to prevent successful attacks.
The latest cybercrime operation involving Nemty Ransomware has been stealing victims’ files before encrypting computers and publicly posting the files if the victim does not agree to pay ransom demands. The newest campaign uses a data leak site to punish victims who refuse to pay, and the information released has
The anonymous threat actors behind the Maze Ransomware attacks are being sued by a victim after an attack in early December left their information vulnerable. The victim, US company Southwire, claims that Maze accessed their network, stole and encrypted data, and later published the information after Southwire failed to pay