The victims of the Maze Ransomware now face another threat because operators behind the malware could become publish their data online.

The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.

The Maze ransomware also implements data harvesting capabilities, operators are threatening to release the data for all those victims who refuse to pay the ransom.

The operators behind the Maze ransomware have set up a website where they have published the list names of eight companies that allegedly refused to pay the ransom.

“To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors.” reads a post published by the popular investigator Brian Krebs.

“Less than 48 hours ago, the cybercriminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.

The website includes data related to the infection, including the date of the attack, some stolen documents (Office, text and PDF files), the size of stolen data, and the list of IP addresses and machine names of the infected servers.

“Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!” reads the message published by Maze operators on the website.

This move is shocking and brings the ransomware attack to a higher level of threat, we can expect that other cybercrime gangs will adopt a similar strategy to blackmail the victims and force them to pay the ransom.

In November 2019, a new threat actor tracked as TA2101 launched malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy.

Once the user opened the attachment and enabled the macros, the malicious code will install the Cobalt Strike pentesting tool or the Maze Ransomware on the victim’s computer.

The threat actors also targeted IT support companies to compromise their MSP and use it to deliver the Maze Ransomware to its clients.

Pierluigi Paganini