Black hat hacker grouping, Maze, claims to have used ransomware to compromise the systems of insurance behemothic, Chubb. They also claim to have stolen the firm's data.

Brett Callow, threat analyst at cybersecurity firm, Emsisoft, told Cointelegraph on March 27 that Maze published the merits on its website. While the website does not provide any straight proof of the hack so far, Callow pointed out facts that give the claim an air of credibility:

"Maze's by victims include governments, law firms, healthcare providers, manufacturers, medical enquiry companies, healthcare providers and more."

Maze's modus operandi

Callow explained that the group commonly first claims the hacks after successful attacks and and then — if the victim does non pay — they publish a pocket-size amount of the stolen data as proof of the hack. At this point, if the compromised entity still does non pay, Maze will offset publishing more and more sensitive data:

"Should the company notwithstanding not pay, more data is published, sometimes on a staggered basis, to ramp up the pressure. In previous cases, the criminals have also published the data on Russian cybercrime forums with a note to 'Use this information in any nefarious ways that you want.' In one previous incident, the group demanded $1 million to decrypt a visitor's information plus an additional $i million to destroy the copy that had been stolen."

In February, Maze compromised five United States constabulary firms and demanded two 100 Bitcoin ransoms in exchange for restoring data and deleting boosted copies of their files. The bribe amount demanded from Chubb is not currently known.

According to company information website, Owler, Chubb is an insurance provider headquartered in Zurich with 32,700 employees and an annual revenue of $34.two billion. The business firm did not reply Cointelegraph'southward inquiry by press time.

An organized hacker group

Maze is a specially notorious and well-organized cybercriminal group. Callow also told Cointelegraph that "Maze was the first ransomware grouping to steal and publish data, and information technology is a strategy that other groups take since adopted."

Maze also publishes press releases on the same website where stolen information is published. Those announcements closely resemble the statements released by ordinary companies, although they oft contain grammatical errors. In one such press release — published on March 22 — the group claims that it carries on its activities in an attempt to bring attention to the lack of cybersecurity. The release reads:

"We want to prove that the organisation is unreliable. The cybersecurity is weak. The people who should care well-nigh the security of the information are unreliable. We desire to show that nobody cares about the users. [...] Some people similar Julian Assange or Edward Snowden were trying to bear witness the reality. Now information technology's our turn. We will modify the state of affairs by making irresponsible companies pay for every data leak."

The declaration as well promises that the public volition hear more than almost successful attacks by the group in the future. In another announcement — dated March xviii — the Maze group also promised that firms they hack among the pandemic will have right to a discount in the ransom:

"Due to the state of affairs with the incoming global economy crisis and virus pandemic, our Squad decided to help commercial organizations as much as possible. We are starting an exclusive disbelieve season for everyone who has faced our production. Discounts are offered for both decrypting files and deleting of the leaked data. To get the discounts our partners should contact u.s. using the chat or our news resource."

As Cointelegraph recently reported, Maze too infected the systems of Hammersmith Medicines Research, a United Kingdom house researching the coronavirus. Maze published sensitive data on its website including the results of medical tests and id documents, such every bit passports.