Hackers Stole and Encrypted Data of 5 U.S. Law Firms, Demand 2 Crypto Ransoms

Published at: Feb. 3, 2020

Hackers compromised five United States law firms and demanded two 100 Bitcoin (BTC) (over $933,000 at press time) ransoms from each firm: one to restore access to the data, one to delete their copy instead of selling it.

According to data shared with Cointelegraph by cybersecurity firm Emsisoft, the hacker group — called Maze — has already started publishing part of the data stolen from the aforementioned firms. Two of the five law firms were hacked within the 24 hours leading up to Feb. 1.

The hackers published the data on two websites, which were shared with the author of this article but will not be disclosed in order to protect the firms involved. Maze group first names the hacked companies on its website and — if they do not pay — publishes a small part of the stolen data as proof and keeps releasing increasingly sensitive parts of it over time. When a firm pays, the group removes its name from the website.

Callow also said that “the group has also published data in Russian hacker forums with a note to ‘Use this information in any nefarious ways that you want.’” Because of this, he believes that more data will be published unless the hacked firms pay. He also explained:

“It seems highly unlikely that a criminal enterprise would actually delete what it may be able to monetize at a later date.”

Callow explained that ransomware groups started stealing data — instead of just encrypting it — at the end of 2019. Now cybercriminals are also threatening the victims with release of the data to extort payment. He said that “the groups have stolen and published data from law firms (including client info.), accounting firms (including client info.), medical practices and medical testing labs (including patient info.) and insurance companies.”

Callow also gave an overview of the ransomware economy. He explained that Emsisoft had over 200,000 ransomware submissions last year and he estimates that to be about 25% of the total, which boils down to 800,000 cases in 2019. The average demand is now over $80,000, so the total ransom demanded last year according to his estimates added up to $64 billion.

Ransomware’s impact on public perception of crypto

Lastly, Callow also raised the question of how such instances influence the public’s perception of cryptocurrencies. He explained that as ransomware started stealing particularly sensitive data, it is “likely to result in more legal actions being taken against ransomware groups, web hosts and currency exchanges.” He then said:

“Legal actions such as these, as well as the fact that the incidents result in very sensitive data being exposed, is likely to raise the profile of ransomware cases. In turn, that could result in the public thinking cryptocurrency is ‘just for criminals’ making it harder for crypto to become more mainstream.”

High-profile ransomware attacks are increasingly frequent. The European Union Agency for Law Enforcement Cooperation released a report in October 2019, noting that ransomware is still the top cybersecurity threat.

Recently, a United Kingdom High Court ordered a proprietary injunction on Bitcoin that was obtained through a ransomware attack on a Canadian insurance company and moved onto an exchange. At the end of 2019, Texas-based data center provider CyrusOne reportedly fell victim to a ransomware attack.
