TA2101: The group behind the Maze ransomware, which is now being identified by TA2101, has published 700 MB of data that was allegedly stolen from Allied Universal, a security staffing firm. The published data is only 10% of the data that was stolen according to sources. After missing the deadline for an extortion payment, the group behind the Maze ransomware held to their word and released the data. The threat actors reached out directly out to Bleeping Computer, informing them of the infection and details on what happened. TA2101 stated they asked the company to pay a ransom to decrypt their files and not have any data leaked. Maze actors also stated in their message that they would alert the news to the breach if the ransom was not paid. After releasing 10% of the stolen data, the group told Allied Universal that they will release the other 90% of data if the company does not pay an increased ransom. Allied Universal was aware of the situation and was working on their investigation to determine which avenue would be best to pursue. The ransom was not paid, which could partially be to confusion about the time zone used for the deadline – the threat group stated they are located somewhere in Asia. Allied Universal has not commented since the data was released.
By: Dan McNemar It is not a new concept that criminals use the Darknet to