Security staffing firm, Allied Universal, was breached by Maze Ransomware who is leaking stolen files after ransom wasn't paid

* Stole 5GB of files before encrypting network.
* Demanded 300 bitcoins ($2.3 million) ransom
* No payment. Files being leaked.

bleepingcomputer.com/news/security/…
This is a summary of how the Maze Ransomware crew told BleepingComputer about their breaching of Allied Universal's network and their demands of a $2.3 million ransom. When payment wasn't made, they started leaking the company's stolen files.
Last Friday, BleepingComputer received an email from the Maze Ransomware group who stated that they breached Allied's network, stole unencrypted files, encrypted hundreds of machines, and then demanded a ransom of 300 bitcoins.

If Allied did not pay, Maze would leak their files.
As part of this email, they supplied a small number of files that were clearly identified as belonging to Allied. These files included contracts, medical records, and an employee termination agreement.
After repeated attempts of trying to warn Allied Universal and ask them questions related to this breach, we were given the following statement.
In further emails with Maze, it was clear that they wanted us to write an article as negotiations were going nowhere.

We did not feel comfortable being used as leverage, so we opted to wait until a public statement was made, a ransom was paid, or files were leaked.
We were told that if payment was not made, Maze would leak the files and that Allied knew of the demands.

Tonight, Maze published 10% of the stolen files, which equates to almost 700MB of data. If a new demand of $3.8 million is not paid, the rest will be sent to WikiLeaks.
In addition to the previous types of data, this batch also included encryption certificates, directory listings, and exported users from Active Directory servers.
After Maze first posted to our forums about the breach and we deleted the post, they posted again to a hacker/malware forum, and that post also included a link to the leaked data.
It would not be surprising to find email campaigns, malware, and other attacks signed with Allied's certificates in the near future.
This very public leak of Allied's exfiltrated files has raised the stakes in ransomware incidents. Now companies have to weigh the risk of their data being publicly exposed, and potential lawsuits, against the cost of making a large ransomware payment.