Maze ransomware group threatens to post data from victims who refuse to pay-up

Twenty-five alleged victims - many of them previously unknown - listed on Maze's website

The Maze ransomware group has threatened to release the data stolen from victims who have refused to pay the ransom.

Last month, the group published on their website (mazenews.top - visit at your own risk) a subset of data stolen from wire and cable manufacturer Southwire after the company refused to cooperate with their $6 million ransom demand.

Maze's website, which was hosted by an Irish ISP, was taken down towards the end of the month after Southwire won its case against the group's operators in the court of Northern District of Georgia, in the US. However, the site was restored earlier this month, this time hosted by an ISP in Singapore.

Wait for their databases and private papers here. Follow the news!

There are about 25 victims currently listed on Maze's website. They include Busch's Inc., BST & Co., Southwire, Lakeland Community College, RBC, Vernay, BILTON, Bakerwotring, THEONE, Groupe Igrec, Mitch Co International, Groupe Europe Handling, Fratelli Beretta, Auteuil Tour Eiffel, Randalegal, and MDL.

The group has left smaller data sets on its site to prove that they are serious and that they possess breached data, which could be put up for sale on the dark web if the victim companies don't pay-up.

Maze operators claim to have exfiltrated 120GB of data from Southwire, 3GB from Fratelli Beretta, and 25GB of data from BST & Co.

"Represented here companies do not wish to cooperate with us, and trying to hide our successful attack on their resources," Maze writes on its website. "Wait for their databases and private papers here. Follow the news!"

We are going to make a gift to City of Pensacola: we will not publish leaked private data

In December, Maze attacked the networks of the city of Pensacola in Florida, and published about 2GB of stolen data on its website. The hackers claimed that it was just 10 per cent of the entire data they had stolen from Pensacola's systems.

Florida Department of Law Enforcement later confirmed to the County Commissioner that it was a Maze Ransomware attack and that the group had demanded a ransom of $1 million in order to decrypt files and restore services.

The group claimed that they had stolen nearly 32GB of data before encrypting Pensacola's network with the ransomware.

While the name of the city is currently listed on the website, the group appears to have decided to be lenient on Pensacola for unknown reasons.

"We are going to make a gift to City of Pensacola: we will not publish leaked private data, but we publish the list of leak data and hosts to proof, that we did it, we really hacked City of Pensacola," wrote Maze.

Maze operators have deleted most of the files belonging to Pensacola from the website, leaving just directory data and IP addresses as proof of breach.