Last week, the self-described ‘cryptoransomware’ group known as Maze announced a fresh batch of companies from which it claims to have obtained large amounts of internal data. These companies include (ironically enough) cyber security insurance firm Chubb, French firm Bouygues Construction, as well as Curacao-licensed online sportsbook BetUS.
The BetUS page on the Maze website lists three BetUS email addresses – firstname.lastname@example.org, newaccount@BetUS.com.pa and email@example.com – and posts two ‘proofs’ of some of the data the hackers said they obtained from BetUS.
The proofs total nearly one gigabyte in size and include technical files relating to BetUS gambling software, as well as a much larger proof containing a wide range of internal company documents. These files include the minutes of board meetings, directorship changes, bank forms and even a few passport scans of company execs.
What the proofs don’t appear to contain is BetUS customers’ personal information, although Maze may have chosen to hold off publishing that info while it waits to see if BetUS will comply with its ransom demands. BetUS customers would be well advised to be extra vigilant and to change any shared passwords on other online portals ASAP.
The other firms recently targeted by Maze have released brief statements acknowledging the situation. CalvinAyre.com reached out to BetUS for a response to the data hack but the company had yet to respond by the time this article was published. It’s unclear if BetUS has taken steps to alert its customers to the hack.
Brett Callow, threat analyst with security vendor Emsisoft, warned that “other criminals are known to access the data on these leak sites and use it for their own purposes. Consequently, as these data dumps often contain information relating to companies’ customers and business partners, they’re at risk of spear phishing, identity theft and forms of fraud. This is why it is so important that these incidents are disclosed.”
Maze is unlike other hacker groups in that it operates a public ‘name and shame’ website that alerts the world to its targets. Maze’s M.O. is to demand a ransom (payable in Bitcoin) in exchange for not publishing all of the stolen data. In some cases, Maze demands a further payment for deleting the data, although targets have no way of guaranteeing that Maze will actually make good on this promise.
Maze made headlines last December when it claimed to have stolen data from the City of Pensacola, although it said it would “make a gift” to the city by not publishing the data. Maze claimed that it was only announcing the hack to show “that we did it, we really hacked City of Pensacola.”
In December, the Federal Bureau of Investigation issued a warning to businesses regarding Maze, saying the group used “multiple methods for intrusion, including the creation of malicious look-a-like cryptocurrency sites and malspam campaigns impersonating government agencies and well-known security vendors.”