New Ransomware Tactic: Pay Us or the World Sees Your Keys

Published by Coindesk

The creators of Maze Ransomware have added a new wrinkle to the typical hacker's MO. Instead of quietly infecting and requesting ransom from victims, the so-called Maze team is publicly exposing victims by displaying real files exfiltrated from their hacked servers.

This tactic could be a disaster for crypto companies that may have put private keys or other important financial data into their private archives, should they be breached.

We've reached out to the alleged Maze victims; many have already made public information about the hacks on their websites.

Another group, called REvil, promises to release for free or sell vital company information to competitors if its ransom is not paid.

If they do not want to pay us they can pay 10 times more to the government.

"For years, ransomware developers and affiliates have been telling victims that they must pay the ransom or stolen data would be publicly released," said Lawrence Abrams, ransomware researcher at BleepingComputer.

"While it has been a well-known secret that ransomware actors snoop through victim's data, and in many cases steal it before the data [are] encrypted, they never actually carried out their threats of releasing it."

"This is especially ghastly news for companies that may already face steep fines and other penalties for failing to report breaches and safeguard their customers' data. For example, healthcare providers are required to report ransomware incidents to the U.S. Department of Health and Human Services, which often documents breaches involving lost or stolen healthcare data on its own site," wrote security researcher Brian Krebs.

A list of invoices is one thing; publicizing the keys to a company's crypto accounts is another thing entirely.

Given the amount of data involved, there's no telling what valuable information could be lurking amid a company's paperwork.
