Maze Hacker Group Claims Infecting Insurance Giant Chubb with Ransomware

Published at: March 29, 2020

The black hat hacker group Maze claims to have used ransomware to compromise the systems of insurance giant Chubb. The group also claims to have stolen the firm’s data.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told Cointelegraph on March 27 that Maze published the claim on its website. While the website does not provide any direct proof of the hack so far, Callow pointed out facts that give the claim an air of credibility:

“Maze’s past victims include governments, law firms, healthcare providers, manufacturers, medical research companies, healthcare providers and more.”

Maze’s modus operandi

Callow explained that the group usually first claims a hack after a successful attack and then, if the victim does not pay, publishes a small amount of the stolen data as proof of the hack. At this point, if the compromised entity still does not pay, Maze will start publishing more and more sensitive data:

“Should the company still not pay, more data is published, sometimes on a staggered basis, to ramp up the pressure. In previous cases, the criminals have also published the data on Russian cybercrime forums with a note to ‘Use this information in any nefarious ways that you want.’ In one previous incident, the group demanded $1 million to decrypt a company’s data plus an additional $1 million to destroy the copy that had been stolen.”

In February, Maze compromised five United States law firms and demanded two 100 Bitcoin ransoms in exchange for restoring data and deleting additional copies of their files. The ransom amount demanded from Chubb is not currently known.

According to company data website Owler, Chubb is an insurance provider headquartered in Zurich with 32,700 employees and annual revenue of $34.2 billion. The firm did not answer Cointelegraph’s inquiry by press time.

An organized hacker group

Maze is a particularly notorious and well-organized cybercriminal group. Callow also told Cointelegraph that “Maze was the first ransomware group to steal and publish data, and it is a strategy that other groups have since adopted.”

Maze also publishes press releases on the same website where stolen data is published. Those announcements closely resemble the statements released by ordinary companies, although they often contain grammatical errors. In one such press release — published on March 22 — the group claims that it carries on its activities in an attempt to bring attention to the lack of cybersecurity. The release reads:

“We want to show that the system is unreliable. The cybersecurity is weak. The people who should care about the security of the information are unreliable. We want to show that nobody cares about the users. [...] Some people like Julian Assange or Edward Snowden were trying to show the reality. Now it’s our turn. We will change the situation by making irresponsible companies pay for every data leak.”

The announcement also promises that the public will hear more about successful attacks by the group in the future. In another announcement, dated March 18, the Maze group also promised that firms it hacks amid the pandemic will be entitled to a discount on the ransom:

“Due to the situation with the incoming global economy crisis and virus pandemic, our Team decided to help commercial organizations as much as possible. We are starting an exclusive discount season for everyone who has faced our product. Discounts are offered for both decrypting files and deleting of the leaked data. To get the discounts our partners should contact us using the chat or our news resource.”

As Cointelegraph recently reported, Maze also infected the systems of Hammersmith Medicines Research, a United Kingdom firm researching the coronavirus. Maze published sensitive data on its website, including the results of medical tests and ID documents such as passports.
