Two attacks on Maze ransomware list confirmed

Another confirmed ransomware attack, this time against Busch's Fresh Food Markets, was added to the Maze gang's ransomware shaming list after the company refused to pay the ransom.

Two attacks found on the Maze ransomware list have been confirmed.

The original list of alleged Maze ransomware victims, posted earlier this month, included seven possible victims, as well as sample files the group claimed were stolen during the attacks and a full 3 GB dump from one company. SearchSecurity discovered two more companies were added to the Maze ransomware victim list, one of which had previously confirmed a ransomware attack.

On Dec. 13, Busch's Fresh Food Markets, an independently owned supermarket chain based in Michigan, disclosed that it was the victim of a ransomware attack on Dec. 9. Busch's asserted there was no evidence that payment card data was compromised and that they believed "this ransomware was only designed to lockdown our internal systems and interrupt our business, not to steal data." Busch's also detailed the reasons it didn't pay the ransom.

"First, even if we had paid the ransom, there was no guarantee that we would ever actually get access to our systems again. Second, if we had paid them it was more likely that they would try and extort us again," Busch's wrote in a blog post. "Finally, we chose not to pay because doing so would perpetuate this type of behavior and give them funds to go after other companies."

Busch's spokesperson had not responded to SearchSecurity's request for comment at the time of this post, so the validity of the documents leaked by Maze could not be confirmed.

On Wednesday, Canadian insurance firm Andrew Agencies Ltd., one of the original companies listed on the Maze ransomware site, admitted to being hit with ransomware.

Dave Schioler, executive vice president and general counsel for Andrew Agencies, confirmed in an email to CTV News that the company was the victim of a ransomware attack and said the company did not pay the ransom. Schioler did not mention the Maze gang, but the threat group contacted Lawrence Abrams, CEO of BleepingComputer, to provide more proof it was behind that attack. 

The stated goal of the victim list published by Maze was to pressure companies to pay the ransom, but it is unclear how successful the group has been with that goal. The two new names bring the list to nine possible victims that have not paid, but only two of those companies have even admitted to being attacked. There is no information on how many organizations were hit with Maze ransomware and did pay the ransom.
