Ransomware variant threatens to expose victims’ personal & business details if they don’t pay the hackers

Ransomware attacks can be highly harmful, as they generate multiple consequences for victims. In addition to being one of the most common attack variants, ransomware also evolves constantly, making it today’s main cybersecurity threat.

Among the hundreds of new attacks reported daily, one campaign stands out: the hackers threaten to expose victims’ confidential files if the ransom is not paid. According to the specialized platform KrebsOnSecurity, a hacking group has even put online a website with information about some companies that decided not to pay the ransom and to recover their files without negotiating with the criminals.

The malware in question has been identified by the cybersecurity community as “Maze Ransomware”, and is allegedly the variant used in the recent cyberattack against the city of Pensacola, Florida, which forced the temporary shutdown of some local government computer systems. The hackers responsible for the attack demanded a ransom of $1 million USD, which the city of Pensacola reportedly refused to pay.

As already mentioned, the hackers created a website to publish information from organizations that have refused to pay the ransom, and the site is publicly accessible to anyone. The exposed information includes details such as:

  • Date of the attack
  • Stolen Microsoft Office files
  • IP addresses
  • Names of some computers connected to corporate networks

In addition, the hackers took the time to place a threatening message on this website: “The companies exposed here decided not to cooperate with us and tried to hide our attacks. Their private databases and documents will soon be published here.”

Brian Krebs, director of the KrebsOnSecurity platform, claims that at least one major company in the US has already been infected with the Maze ransomware, although the attack has not been publicly disclosed.

Cybersecurity experts note that similar methods had already been used in earlier incidents. After the appearance of the Sodinokibi ransomware, the attackers began threatening victims with the release of their stolen files and data if they refused to negotiate a payment.

Various cybersecurity firms claim that Sodinokibi has been one of the most profitable ransomware variants for its developers since its emergence, which leads authorities to assume that extortion against the companies victimized by this malware works well for the hackers. In one unusual case, a group of hackers that infected thousands of devices with this malware variant generated more than $280k USD in just one weekend.

Researchers from the International Institute of Cyber Security (IICS) claim that there are at least 40 hacker groups using this malware variant, ensuring its developers a steady stream of revenue from each attack that involves the Sodinokibi ransomware. Experts do not rule out that this malware variant is related to the recent attack on computer systems in New Orleans, Louisiana, US.