
Dozens of companies have data dumped online by ransomware ring seeking leverage


The Maze ransomware ring has taken extortion to new heights by publicly posting breached data on the Web and threatening full dumps of stolen data if the ring's "clients" do not pay for their data to be unencrypted. But the group seems to be making one exception: the City of Pensacola, which was hit by Maze ransomware in December.

On the group's website, the administrator of Maze's ransomware operations posted:

We're going to make a present to City of Pensacola: we won't publish leaked non-public data, however we publish the listing of leak data and hosts to proof [sic], that we did it, we actually hacked City of Pensacola.

Just before Christmas, the Maze operators had posted 2GB of data from the city's systems, claiming it was only 10 percent of what had been stolen from systems before the attackers launched their ransomware attack. But the data was then removed, with only listing data, computer names, and IP addresses left on the site as proof of compromise. Based on the Maze website, 28 servers were hit by the attack.

Others have not been so fortunate. The Italian food company Fratelli Beretta saw all of the data exfiltrated from 53 systems (a total of 3GB) posted online by Maze. And newer victims have had smaller dumps posted. Stockdale Radiology, a radiology clinic in Bakersfield, California, saw screenshots of affected systems and data from the clinic's fax server posted, including patient data transmitted from another MRI clinic. Ars reached out to Stockdale Radiology for comment but received no response.

About 25 other victims are listed on Maze's website, with smaller "proof" data sets posted that include customer information. Victims include:

  • Busch’s Inc., a grocery market chain in Michigan
  • BST & Co., a licensed public accountancy firm in Albany
  • Lakeland Community College in Kirkland, Ohio
  • The social media and public relations unit of Orlando-based company Massey Services

According to Emsisoft threat analyst Brett Callow, one recent dump of a Canadian company's data included employee "names, home addresses, social insurance numbers, tax forms, earnings particulars, medical insurance numbers, banking info, drug test results, and so forth." The company didn't notify employees of the breach.

None of these breaches have been reported publicly by their victims. "The lack of disclosure clearly implies that customers/clients/vendors/partners have no idea that their data is now in the hands of cybercriminals and can be downloaded by anyone with an Internet connection," Callow told Ars. "And that means they have no idea that they need to set up credit monitoring, notify their financial institution, be on the lookout for scams or spear phishing attempts."

The Maze crew is not the only ransomware operation now using stolen data as additional leverage to get victims to pay up. The REvil/Sodinokibi ransomware ring has also threatened to disclose data of victims who do not pay, including the travelers' financial service provider Travelex. And other attackers may also be stealing data and using it in far more refined ways to extort their victims.
