The Crypto Times
Image default
Bitcoin

Maze Ransomware Group Hacks Two Plastic Surgeons

A cybercrime group recently infected two plastic surgery studios with ransomware. They subsequently leaked patient’s social security numbers and other sensitive information onto the internet.

Emsisoft threat analyst, Brett Callow, told Cointelegraph on May 5 that Maze recently took credit for hacking a plastic surgeon named Kristin Tarbet. They also claim to have hacked the Ashville Plastic Surgery Institute. He explained that in Tarbet’s case, the hackers have already leaked highly sensitive data:

“The data that has been posted included names, addresses, social security numbers as well as what appears to be before and after photos and photos taken during surgical procedures. The Maze group typically start by posting only a small amount of the data that was exfiltrated — it’s the equivalent of a kidnapper sending a pinky finger — so they may well have more data than has already been published.”

Callow explained that many ransomware incidents are caused by basic security failings. These include easy-to-crack credentials or unpatched remote access systems. He said that organizations should focus more on cybersecurity since “Maze uses a combination of strategies in order to gain access to networks including [Remote Desktop Protocol] exploitation, phishing, and spear-phishing.”

When it comes to the ransom requested by the hackers, he said that it cannot be known, but past attacks could serve as a guide:

“Only the criminals and the plastic surgeon will know the amount of the demand. In a previous case, Maze claimed their demand was $2 million: $1 million to decrypt the victim’s data and an additional $1 million to destroy the copy of it.”

More data to be leaked

When it comes to the Ashville Plastic Surgery Institute, the published data includes patient names, dates of birth, insurance details, patients’ implant order forms, before and after photos, and internal documents like income statements. Callow explained:

“This data dump is simply an initial warning shot. Should the company not pay, more data may be published.”

Callow said that this is not the first time the group has attacked two targets in the same industry. He explained that Maze’s victims often reside in the same geographic location or operate in the same industry. Maze claimed that there is a reason behind those instances in a statement:

“We don’t need to use phishing attacks and slowly move from one target to another as we have the access to the hosting provider.”

From encrypting data to stealing it: the evolution of ransomware

In recent months, Ransomware groups have started threatening to leak victim’s sensitive information if they are not paid. There was a time when ransomware groups would only render user data inaccessible and ask for the ransom for restoring access to it. As Cointelegraph reported in late April, a cybercrime group has published personal and financial data from the Californian City of Torrance and threatened to release 200 gigabytes more after the city’s officials denied that any data was stolen.

In mid-April, the first major ransomware group — REvil — also announced that it intends to switch from Bitcoin (BTC) to privacy-centric altcoin Monero (XMR). At the time Callow said:

“Like other businesses, criminal enterprises adopt strategies that have been proven to work and, accordingly, if this switch proves successful for REvil, we’d expect to see other groups begin to experiment with demands in currencies other than bitcoin.”

Related posts

Chainanalysis Claims $515 Million Bitcoin Used for Illegal Activities in 2019, Number Expected to Grow

Viena Abdon

Trading Resumes on Cryptopia for Its 40 Crypto Pairs

Viena Abdon

Recap of Cointelegraph Talks: Bitcoin’s Block Reward Halving

Sierra Sanders

Crypto Company Casa Launches Node Monitor to Boost Bitcoin Network Health

Viena Abdon

Positive Market Shift Implied in Bitcoin Price “Bull Cross”

Sierra Sanders

How Switzerland Qualifies as the Central Cryptocurrency Hub of the Globe

Viena Abdon

Leave a Comment