Maze: The operators behind the Maze ransomware appear to have already gone back on their word after promising not to target medical facilities during the global COVID-19 pandemic. Last week, the criminal groups that use Maze and DoppelPaymer stated that, in the interest of public health, they would temporarily leave medical facilities alone. Just prior to making that “promise,” however, Maze had attacked Hammersmith Medicines Research, a medical facility designated to test vaccines for COVID-19. Even after claiming that they would leave medical facilities alone, the Maze operators continued to post data files stolen from Hammersmith on their website. After being called out for leaving Hammersmith’s files on their site, the group has “temporarily removed” public access to the data, but not the company’s entry on their list of current victims. The Maze operators also posted a public message yesterday attempting to excuse their actions by claiming that they are providing a “public service” by exposing companies with weak cybersecurity controls. They went on to call those watching them “unprofessional” for calling out their breach of Hammersmith, which they felt should not be covered by their promise since it happened several days prior to their agreement to leave medical facilities alone.