The Maze Team attackers continue to announce more of their ransomware victims that have not complied with their ransom demands, and they continue to dump data from those who do not pay them. When I checked their site again today, I noticed that they had announced that they have dumped all their files on the City of Pensacola, and they have also dumped all their files on Salumificio Fratelli Beretta, a cured meat provider.

But I also see other sites that have been added or updated, including Stockdale Radiology in California. Stockdale Radiology is one of the medical entities Maze Team had informed me about previously and had sent me a sample of patient files from. According to Maze Team’s site, the radiology center’s data were locked on January 17 of this year. The site lists two zipped archives of files as proof — but both links return 404 as of today’s date. There is no notice up on Stockdale Radiology’s site at this time about any attack or disruption in their services.

Medical Diagnostic Laboratories, LLC (MDL or MDLab) had already had some of their data dumped by Maze Team. They now appear to have had more of their files dumped. There is no announcement or notice on their website that might inform patients of any problem or data theft, and there is no notice from them listed on HHS’s public breach tool at this time.

When I had asked Maze Team about their success rate in terms of victims paying them, they indicated that it was more than 50%, although of course, I have no way to verify that particular claim. But there are other medical entities that they claim they have attacked that have not appeared on their website yet, so I fear we are in for a lot of announcements and updates from them.

Lakeland Community College in Ohio also became a victim, it seems. Their data were reportedly locked on January 12 and 19 GB of data were allegedly downloaded. There is no notice on the college’s site as of today, and the proof file is not linked to a working file.
And while my focus tends to be on medical and educational facilities, let’s not forget that Maze Team is attacking all kinds of enterprises, including, it seems, Anheuser-Busch (ST. LOUIS, MO). Maze Team does not provide a lock date, but they added them to their site three weeks ago and they do provide sample files from the well-known beer brewery. The samples include some certified mail, a number of lease-related files, sales projections, and other files that include their 2019 incident response plan for any PCI-DSS incidents.

UPDATE: that victim is not Anheuser-Busch, but appears to be Busch’s Fresh Food Markets, a Michigan-based chain. DataBreaches.net apologizes to Anheuser-Busch for repeating Maze Team’s error.

They have also attacked a law firm in Oregon: Hamilton and Naumes, LLC. That attack took place on January 16, and there are no proof files uploaded as of today’s date, but if they were able to get everything, then there may well be a lot of sensitive files as the firm’s areas of practice include family law, juvenile law, and criminal defense.

And as I did with covering thedarkoverlord, I will note that I understand why some journalists will not cover these attackers or other attackers using the same model for fear of encouraging them or for fear of helping to put pressure on the victim entities. I respect that decision by others while continuing to believe that I serve the public best by keeping it informed as to what is going on so that they can gauge risk for themselves and perhaps take more steps to prevent themselves from becoming victims.

CORRECTION: Post-publication, it was pointed out to me that the Anheuser-Busch entry may really be for a grocery store. On further investigation, it appears that the attackers did mislabel their victim. The victim company appears to be Busch, Inc., Busch’s Fresh Food Market.
