Hackers compromised five United States law firms and demanded two 100 Bitcoin (over $933,000 at press time) ransoms from each firm.
- one to restore access to the data
- one to delete their copy instead of selling it
According to data shared by cybersecurity firm Emsisoft, the hacker group called Maze already started publishing part of the data stolen from the aforementioned firms. Two of the five law firms were hacked within the 24 hours leading to Feb. 1. The hackers published the data on two websites that were shared with the author of this article, but will not be released to protect the firms involved.
Maze group first names the hacked companies on its website and if they do not pay, publishes a small part of the stolen data as proof and keeps releasing increasingly sensitive parts of it over time. When a firm pays, the group removes its name from the website.
Brett Callow, a threat analyst with Emisoft said that “the group has also published data in Russian hacker forums with a note to ‘Use this information in any nefarious ways that you want.’” Because of this, he believes that more data will be published unless the hacked firms pay. He also explained:
“It seems highly unlikely that a criminal enterprise would actually delete what it may be able to monetize at a later date.”
Callow explained that ransomware groups started stealing data instead of just encrypting it at the end of 2019. Now cybercriminals are also threatening the victims with release of the data to extort payment.
He said that “the groups have stolen and published data from law firms (including client info.), accounting firms (including client info.), medical practices and medical testing labs (including patient info.) and insurance companies.”
Lastly, Callow also raised the question of how such instances influence the public’s perception of cryptocurrencies. He explained that as ransomware started stealing particularly sensitive data, it is “likely to result in more legal actions being taken against ransomware groups, web hosts and currency exchanges.” He then said:
“Legal actions such as these, as well as the fact that the incidents result in very sensitive data being exposed, is likely to raise the profile of ransomware cases. In turn, that could result in the public thinking cryptocurrency is ‘just for criminals’ making it harder for crypto to become more mainstream.”