The hackers who carried out the Maze ransomware attack on the city of Pensacola, Florida, have released on the internet two gigabytes of data files that were stolen before the data was encrypted. This was done to prove that they possessed credible data which could be put up for sale on the dark web. They held the media responsible for this, saying it had called them names and instigated them to take such drastic steps.
When did it happen?
On Saturday, December 7, the city of Pensacola, Florida, was hit by a cyber-attack that forced the city to suspend the majority of its networks. At the time, the severity and critical nature of the attack were not known, and the City’s IT employees worked tirelessly to restore services. It was later confirmed that the outage was caused by a ransomware attack. The Florida Department of Law Enforcement sent an official letter to the County Commissioner stating that it was a Maze ransomware attack and that the hackers demanded a ransom of US$1 million in order to restore all the services.
What was affected?
All email and telephone services, along with the 311 customer service, were affected by the ransomware attack. The hackers emphasized to Bleeping Computer that “no one of the socially significant services has suffered (for example 911).” They further added, “We don’t attack hospitals, cancer centers, maternity hospitals and other socially vital objects, up to the point that if someone uses our software to block the latter, we will provide a decrypt for free.”
Why did they release 2GB of stolen data?
On December 23, while the City was still recovering from the ransomware attack, the hackers released 2GB of data files from the total of 32GB of data that they claimed was stolen prior to encrypting the City’s network with the Maze ransomware. In a statement given to Bleeping Computer, the hackers said, “This is the fault of mass media who writes that we don’t exfiltrate data (worth) more than a few files. We did not want to make a pressure on the city, we still don’t make it right now. We’ve shown that our intentions are real.”
In a similar incident earlier this month, New Orleans, a city in Louisiana, became a victim of a ransomware attack. The city declared a state of emergency and shut down its computer and network systems after detecting suspicious ransomware and a pool of phishing emails. The incident affected multiple services in New Orleans, such as municipal courthouses and the city’s Healthcare for the Homeless, according to Mayor LaToya Cantrell. It’s said that most employees at government agencies were using their Gmail accounts to handle requests, as the city’s email server was taken offline.
Colin Cowie, researcher and founder of cybersecurity research firm Red Flare Security, stated that Ryuk ransomware might be behind the New Orleans attack. Cowie stated that he observed similarities to Ryuk ransomware on the affected computer systems.