Maze cybercriminals threaten to publish stolen data from victims

Security expert issues a warning

Maze cybercriminals threaten to publish stolen data from victims


By Lyle Adriano

Cybercriminals responsible for the Maze ransomware have threated to leak the data it has stolen from companies refusing to pay the ransom.

The cybercriminals created a website which lists each victim affected by the Maze malware. The attackers also detailed the initial date of infection for each victim, the total volume of files they allegedly stole from the victims (in gigabytes), as well as the IP addresses and machine names of the servers they managed to infect.

To prove they mean business, the attackers have also posted some of the Microsoft Office, text and PDF files they stole from the listed companies on the website.

Cybersecurity news blog Krebs on Security has verified that at least one of the companies listed on the site recently suffered from the Maze ransomware, but the attack has not yet been reported by the media.

According to Lawrence Abrams, founder of, this type of behaviour is nothing new. Ransomware developers have been intimidating victims over their stolen data for years, threatening to publicly release the data if their demands are not met.

However, the Maze ransomware attackers are an exception in one way.

“While it has been a well-known secret that ransomware actors snoop through victim’s data, and in many cases steal it before the data is encrypted, they never actually carried out their threats of releasing it,” Abrams told Krebs on Security.

The attackers have already made good on their threat during a previous incident. Just last month, the cybercriminals threatened Allied Universal that if they did not pay the ransom, stolen data would be leaked. When payment was not received, the attackers released 700MB worth of data on a hacking forum, Krebs on Security said.

“During ransomware attacks, some threat actors have told companies that they are familiar with internal company secrets after reading the company’s files,” explained Abrams.

But even though such incidents should be reported as data breaches, Abrams noted that many ransomware victims choose to ignore the problem, hoping that nobody will notice.

“Now that ransomware operators are releasing victims’ data, this will need to change and companies will have to treat these attacks like data breaches,” the cybersecurity expert added.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!