Black hat hacker group Maze has infected the infrastructure of a firm researching the coronavirus with ransomware, managing to steal and publish sensitive data.

The hack of medical data

Cybersecurity firm Emsisoft told Cointelegraph on March 23 that Maze group's hackers compromised United Kingdom medical firm Hammersmith Medicines Research. The published data includes sensitive data on medical test volunteers such as ID documents like passports, medical background and details of the tests. Emsisoft threat analyst Brett Callow said:

"[The data] is on the clear web where it can be accessed by anybody with an internet connection. [...] The criminals almost certainly haven't published all the data that was stolen. Their modus operandi is to first name the companies they've hit on their website and, if that doesn't convince them to pay, to publish a small amount of their data — which is the stage this incident appears to be at — as so-called 'proofs.'"

Fortunately, ComputerWeekly reports that Hammersmith Medicines Research was able to make the systems operational by the end of the day. Callow noted that "it would appear they were able to rapidly restore their systems from backups." He also said that the data previously published on the hacker's website is no longer available:

"Note that, since the ComputerWeekly report ran, the data stolen from HMR has been 'temporarily removed' from the criminals' website. [...] But here's the problem. Other criminals download the data posted on these leak sites and use it for their own purposes."

Callow told Cointelegraph that he does not know how high the ransom demanded was. Still, he pointed out that the group has previously asked for almost $1 million in Bitcoin for restoring access to the data and another $1 million in BTC to delete their copy and stop publishing it.

As Cointelegraph reported in early February, Maze also compromised 5 United States law firms and demanded two 100 Bitcoin ransoms in exchange for restoring data and deleting their copy. Callow said that ransomware groups almost always ask to be paid in Bitcoin:

"99% of ransom demands are in Bitcoin and, to date, it has been the Maze group's currency of choice."

Criminals are not Robin Hood

In previous incidents, Maze also published stolen data on Russian cybercrime forums recommending to "Use this information in any nefarious ways that you want." Callow also criticized "a not inconsiderable number of publications" that recently reported about how some ransomware groups — including Maze — stopped their attacks for the time of the pandemic. He said:

"A not inconsiderable number of publications recently reported that some ransomware groups, including Maze, had declared an amnesty on attacks on medical organizations for the duration of the Covid-19 outbreak and I've since seen them described as 'Robin Hood-esque.' This clearly demonstrates that, to the surprise of absolutely nobody, criminals cannot be trusted and it is a mistake for them to be given a voice."

Callow said that the threat level is the same as it has always been, or perhaps higher. He also insisted that "these groups should not be given a platform which enables them to downplay that fact." This is in line with the recent Emsisoft report according to which ransomware attacks have a seasonal aspect and the number of attacks spikes during the spring and summer months.