Ransomware Group Hits Five US Law Firms, Demands Ransom in Bitcoins
By RTTNews Staff Writer | Published: 2/4/2020 9:20 AM ET
Five U.S. law firms have been hit by a dangerous ransomware group called Maze, which stole their data and then encrypted it, a modus operandi the group is known for, according to cybersecurity firm Emsisoft. Maze is reportedly demanding a ransom in bitcoins to restore the firms' data or delete the copies it holds.
At least three of these law firms have been affected within the last 72 hours, and it is feared that Maze could target more law firms in the days to come. Though currently only U.S. firms have been hit, firms in other countries are also at risk.
Emsisoft believes malicious email attachments were used to infect the networks of the affected law firms. Ransomware can be delivered in a variety of formats, including PDF, ZIP, Word document, Excel spreadsheet and more.
Maze generally extracts a ransom from its targeted victims in return for the deletion of the data stolen from them. As proof, the group initially names the victims, and if that does not work, it publishes a small portion of their data online.
If the ransom is still not paid, Maze will go ahead and post the remainder of the data on its websites, sometimes on a staggered basis.
In the current attacks, Maze has already posted a portion of the stolen data of at least two of the firms, which includes client information. Maze claims that the stolen data will be deleted upon payment.
Attacks that steal data are considered to be data breaches which, under U.S. law, are treated very differently to malware infections. These data breaches could also lead to the affected firms facing legal action from aggrieved customers.
Emsisoft warns that opening a malicious attachment may deploy the ransomware immediately, or it may enable attackers to remotely execute the ransomware in future. The attachments are delivered via phishing emails.
Phishing is a very common attack vector in which threat actors pretend to be a legitimate entity in order to elicit an action from the target.
In a ransomware attack in 2018, around 400 servers of the Colorado Department of Transportation (CDOT) were affected and the whole computer network was brought to a standstill.
Article written by an RTT News Staff Writer, and posted on the RTT News.com website.
Article reposted on Markethive by Jeffrey Sloe