Maze and REvil get into stolen data e-commerce

Maze and REvil get into stolen data e-commerce Cybersecurity

Cybercriminals are also breaking new ground: since the start of the year, ransomware groups have distinguished themselves by launching websites dedicated to the dissemination of stolen files to victims who refused to pay the ransoms.

The first group to popularize this tactic, the Maze group, is continuing its momentum today: it is starting to pool its platform and open it to other groups of cybercriminals. A new entry on Maze’s site shows data from an American company, the Smith Group, but indicates that the data was provided by LockBit. LockBit is the name of another ransomware, released as ransomware-as-a-service by its creators, which is currently available for sale on several cybercrime forums.

As Bleeping Computer reports, this is a new strategy implemented by the operators of the Maze ransomware: open their stolen files distribution site to other groups, in order to “allow them to benefit from their experience and the data dissemination platform ”. Maze says collaborations with other groups are also being considered, and that new partners should take advantage of the site to disseminate data from their victims in the coming days. Maze does not specify the price of entry to broadcast data on their site, but we imagine that this new source of income could become interesting for the ransomware group, which can thus monetize the popularity of its stolen files distribution site.

The Ebay of stolen data

Another group is also playing the innovation card this week: REvil, also known as Sodinokibi, has launched an auction site for stolen data. The group announced the arrival of a new auction feature on its site on Tuesday. This marks a change in the approach of REvil, which previously offered stolen files to its victims for free access on its site.

For the moment, REvil is offering the auction of stolen data to a Canadian agricultural company that refused to pay the ransom demanded by the group’s operators. The starting price is set at $ 50,000 in cryptocurrency for stolen databases.

REvil also suggests that this method could be reused for data from other companies that refused to pay the ransom. The ransomware group had in particular got hold of the data of the law firm Grubman Shire Meiselas & Sacks, a law firm which counted several celebrities among its clients, including the singer Madonna or the current president of the United States Donald Trump.


Rate article
Add comment