- Hackers behind the Maze ransomware published stolen data from a United Kingdom-based medical research firm Hammersmith Medicines Research (HMR), reports Computer Weekly. HMR was on "standby" for developing vaccines for the novel coronavirus outbreak.
- HMR discovered the "severe attack" on March 14. The organization "repelled" the attack and restored its computer systems within the same day, Malcolm Boyce, managing and clinical director and doctor at HMR, told Computer Weekly. However, by March 21, the hackers published files dating back anywhere between eight and 20 years.
- The published data includes information on medical trial volunteers, including proof of identification, medical backgrounds, and the vaccination studies volunteers participated in, Brett Callow, threat analyst at Emsisoft told CIO Dive in an email.
The attackers behind Maze have reinvented ransomware and how its victims deal with ransom payouts.
Callow warns the hackers likely have not published all of the stolen data. The Maze group is publishing "proofs," or small amounts of data, with the expectation of more "staggered" publication to come.
While Maze is known for targeting public entities, the Maze group reportedly called "an amnesty on attacks on medical organizations for the duration" of the coronavirus outbreak, said Callow. "I've since seen them described as Robin Hood-esque."
Forbes collected cybercriminals' responses to the coronavirus pandemic and their likely plan of action. The report, published last week, demonstrates "criminals cannot be trusted — to the surprise of absolutely nobody — and that they should not be given a voice," said Callow.
This isn't the first time the Maze operators have claimed moral integrity. After the hacker group targeted Pensacola, Florida in December, the operators said their malware stopped short of "socially significant services," including "hospitals, cancer centers, maternity hospitals and other socially vital objects."
The ransomware-turned-data-breach method is influencing other hacker groups, such as REvil and DoppelPaymer. DoppelPaymer, which recently targeted a manufacturer for Boeing, Tesla and Lockheed Martin, turns its ransomware attacks into data breaches.