Maze ransomware gang threatens to publish sensitive stolen data after US aerospace biz sensibly refuses to pay

The Maze ransomware gang has threatened to publish information stolen from an American firm that overhauls airliners and installs flight control software upgrades – because its victim refused to pay a demanded ransom. In a "press release" published on its leaks website, Maze raged against victims who refused to play its game …

  1. Robert Grant

    No one likes ransomware criminals, but this article seems weirdly schoolchildish. They mixed up two companies' names? Ooooh!

    Where's the critique of bad company security?

    1. John Doe 12

      To be honest The Register has been turning "weirdly schoolchildish" for a long time now. Some of the "reporters" here seem to be more interested in making up some stupid catchy byline than writing a decent grown-up article. So have an upvote from me :-D

      1. amanfromMars 1 Silver badge

        Someone with a blunt axe to grind?

        To be honest The Register has been turning "weirdly schoolchildish" for a long time now. Some of the "reporters" here seem to be more interested in making up some stupid catchy byline than writing a decent grown-up article. So have an upvote from me :-D ..... John Doe 12

        Others considerably more experienced in the field, love the style and can even find it most endearing and surprisingly refreshing, John Doe 12 [42 posts, joined 7 Sep 2010]

        Where do you normally go to, my lovely, with/for your insults?

        1. robidy
          Paris Hilton

          Re: Someone with a blunt axe to grind?

          Stat fight ROFL

        2. John Doe 12

          Re: Someone with a blunt axe to grind?

          "Others considerably more experienced in the field"

          And there is a beautiful example of someone making wild assumptions based on zero information. How do you know what I do for a living any more than I would know what you do either? So I have 42 posts and joined in September 2010 - big deal ha ha. Doesn't change the fact that The Register is slowly turning into some weird tech version of the Daily Mail.

          1. VanguardG

            Re: Someone with a blunt axe to grind?

            Then why do you come here?

            1. John Doe 12

              Re: Someone with a blunt axe to grind?

              Because it hasn't got all the way there yet. When that day comes I will stop visiting The Register, you can be sure of it :-D

              Anyway it's fun to annoy the commentards who think they own the place because they have such a huge... post count ;-) Maybe that's some form of compensation for other issues?

              1. amanfromMars 1 Silver badge

                Re: Strange Fun in Fruitless Search of Perverse Pleasure

                Anyway it's fun to annoy the commentards who think they own the place because they have such a huge... post count ;-) Maybe that's some form of compensation for other issues? ...... John Doe 12

                Sounds exactly like something a wannabe someone and/or virtual nobody, a John Doe, with a blunt axe to grind as some form of compensation for other issues, would do, John Doe 12.

        3. W.S.Gosset

          Re: Someone with a blunt axe to grind?

          Gotta say, AMFM's new algorithm is somewhere between or both a frighteningly genius leap forward and out, and geniusly good.

          If I didn't know better, if I came in cold today, I'd say it was human. Mad(ish) but human.

          The ideal ElReg Commentard, in fact. :D

      2. Cliff Thorburn

        To be honest The Register has been turning "weirdly schoolchildish" for a long time now

        Has it been outsourced to Capita?

    2. General Purpose

      You want every such report to have a critique of bad company security? What would it say, "this company seems to have had bad security, wish we knew more but they won't come right out and say what happened, there's only so much we can find out, sorry"? Every time? You'd soon complain.

  2. EricM
    Thumb Up

    A sensible response, indeed

    That's exactly the way to put these crooks out of business.

    Paying ransom makes the problem worse for everyone.

    1. Phil O'Sophical Silver badge

      Re: A sensible response, indeed

      That's exactly the way to put these crooks out of business.

      Personally I'd prefer to see a SEAL or SAS team do it. Sends a much better message.

      1. EricM

        Re: A sensible response, indeed

        Agree, however, determining physical locations is very hard in most instances of an electronic attack.

        And even if you succeed, SEALs blowing up a coworking space in downtown SF or SAS in an east London neighborhood might not be seen as an adequate reaction by some ...

      2. Doctor Syntax Silver badge

        Re: A sensible response, indeed

        If this keeps up they'll upset somebody who might do just that.

        1. JohnG

          Re: A sensible response, indeed

          There was a story (possibly apocryphal) that the Russian minister responsible for Internet, online security and the like had responded to some Russian spammers, telling them to stop sending their crap. They responded by flooding him with spam. He responded by ordering the spammers to be found and in short order, they were all on the receiving end of SWAT style raids and long prison terms.

          1. Claptrap314 Silver badge

            Re: A sensible response, indeed

            I don't know about spammers, but I DO know that during the kidnapping surge in the 80's, the Soviet response was...more kinetic than ours. Problem solved.

        2. Anonymous Coward
          Devil

          Re: A sensible response, indeed

          That's why you don't see ransomware attacks on Russia, Israel, Turkey, or Saudi Arabia.

    2. big_D Silver badge

      Re: A sensible response, indeed

      And if the whole press and blogosphere ignored their rantings...

      If the only press was that companies refused to pay and the childish rants were ignored completely in the press, on social media etc. they wouldn't get the publicity they so obviously crave.

    3. bombastic bob Silver badge
      Devil

      Re: A sensible response, indeed

      dare them to carry out their threat

      make sure the cops are involved

      follow the money

      eventually they'll get caught. Seeing them spend a decade or two in the iron bar hotel is worth it.

  3. Anonymous Coward

    Remind me again.....

    ....how this works:

    1. Bad guys penetrate a target network and steal data.

    2. Then bad guys encrypt data on the target network.

    3. Then bad guys demand a ransom...they will UN-ENCRYPT the network in exchange for money.

    4. Once the money is paid, they will destroy the stolen data.

    *

    In this case, refusal to pay has resulted in bad guys having a conniption.

    *

    About item #1, do the target folk actually know how the breach was accomplished?

    About item #2, do the target folk have recent backups?

    About item #3, once the money is paid, will the bad guys actually un-encrypt?

    About item #4, these are bad guys...will they actually destroy the data?

    *

    And then there's item #5.....Are the bad guys STILL IN THERE (with enough permissions to repeat item #2)?

    *

    And finally.....I'm trusting LOTS of people with my PII......how common is this disaster? Is this the only time this has happened this week....or are there thousands of unreported breaches going on all the time?

    *

    I think we should be told!

    1. VanguardG

      Re: Remind me again.....

      This type of thing is not super-common, but it does remain a threat. The best choice is to examine the encrypted files, as the "last modified" flag will usually let you track where the infection got in - even today it's usually done by email attachments, tried and true method. Most don't want to put in the effort to actually run an exploit to gain direct access to a network's files if they can get someone who already has access to run their encrypter for them.

      Never trust a criminal to do what they say they will. And if they extort the money from you once, they'll be back for more.

      Take backups multiple times per day, test them regularly by actually restoring data from the media. Try to educate users about attachments - though that's never easy to do.

      Stay educated on the topic, and bookmark the anti-ransomware sites on a phone or laptop that's not on the network, so if you're hit, you can identify what you got hit by - there may be a free-to-use decrypter available.
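An added example, not part of the comment above or of the article: one way to build the "last modified" timeline that comment describes, listing encrypted-looking files oldest first and the earliest hit per top-level directory (for instance one directory per user or share). The `.locked` suffix and all function names are assumptions made for illustration; modification times can be altered, so treat the result as a lead and run it against a read-only copy or image.

```python
import os
import sys
from collections import namedtuple
from datetime import datetime, timezone

Hit = namedtuple("Hit", "mtime path owner_uid")

def encryption_timeline(root, suffixes):
    """Return encrypted-looking files under root, oldest modification first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(tuple(suffixes)):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # unreadable or vanished file: skip, keep scanning
            hits.append(Hit(st.st_mtime, path, st.st_uid))
    return sorted(hits)  # tuples sort by mtime first

def first_hit_per_area(hits, root):
    """Earliest hit for each top-level directory under root."""
    first = {}
    for hit in hits:  # already sorted oldest first
        area = os.path.relpath(hit.path, root).split(os.sep)[0]
        first.setdefault(area, hit)
    return first

def report(root, suffixes):
    """One line per area, ordered by when encryption first touched it."""
    firsts = first_hit_per_area(encryption_timeline(root, suffixes), root)
    lines = []
    for area, hit in sorted(firsts.items(), key=lambda kv: kv[1].mtime):
        when = datetime.fromtimestamp(hit.mtime, timezone.utc).isoformat()
        lines.append(f"{when}  uid={hit.owner_uid}  {area}  {hit.path}")
    return lines

if __name__ == "__main__":
    # ".locked" is a placeholder suffix, not taken from the article;
    # substitute the extension actually seen on the affected files.
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for line in report(scan_root, [".locked"]):
        print(line)
```

The area at the top of the report, together with the owning uid, points at the account or share where encryption started, which is where to look for the attachment or process that launched it.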

  4. Arthur the cat Silver badge

    Maze raged against victims who refused to play its game

    This sort of entitled idiocy by crooks amazes me. I got the same thing when I played along with "Microsoft" who had phoned me up to tell me they'd detected a virus on my computer in a thick Indian accent. After about half an hour I got bored and pointed out that I don't actually have any Windows boxes in the house, at which point they complained vehemently about me wasting their time.

    1. MrBanana

      Re: Maze raged against victims who refused to play its game

      "they complained vehemently about me wasting their time"

      Yes, that's when it gets really funny - "Me? Wasting your time?". My record is just under the hour to keep them on the hook, getting passed up the chain to senior crooks on the journey. They now mostly know how to check if I'm using a Mac, and there is a halfhearted attempt to get me to download the Mac version of TeamViewer, which I can rebuff for at least 15 minutes then they give up. But they get really pissed when I repeatedly tell them I really have a Windows key, which I do on my Thinkpad P50, but that it does nothing - mostly because I'm running Kubuntu and don't map that key to anything. Twice I've been told I was the bad person and they will shut down my internet.

      1. Tom 7

        Re: Maze raged against victims who refused to play its game

        I just tell them that I pressed the windows key and the computer switched off. They have to wait 'while it boots again' and I can play a couple of hard sudoku while thanking them for their diligence in helping me.

    2. DavCrav

      Re: Maze raged against victims who refused to play its game

      They're just trying to make a dishonest living here. You don't have to go and mess them about over it.

    3. Tom 7

      Re: Maze raged against victims who refused to play its game

      "at which point they complained vehemently about me wasting their time". That's the money shot for me. It's worth Shielding just to have the time to reach that phrase or similar.

      1. Graham Lockley

        Re: Maze raged against victims who refused to play its game

        I play the same game and wound up having their 'supervisor' telling me to f*ck off. Made my day :)

    4. JimboSmith Silver badge

      Re: Maze raged against victims who refused to play its game

      When those scam merchants ask me to download the software and allow them to connect I have a surprise. I tell them I'll need to hang up to get on the internet which usually is met with protests. I explain that the modem has to use the phone line to dial the internet and no I don't have a mobile. After they get over the "You're using Dialup???" I explain that I've only really got the computer for online banking and shopping.

      I hang up after promising to download the software and go back to what I was doing. A couple of them actually called back only to be met by Barry from Birmingham who runs a small garage/workshop. They often have trouble with my new Brummie accent which is amusing given the "difficulty" I have with theirs. The fun I have had either:

      Telling them their 'big end' has gone. Explaining that you don't see too many of them around for an Austin Princess anymore. I ignore their protestations about not knowing what I'm talking about. I finish with if they can give me their bank details for a deposit I'll get looking for one.

      Or

      I explain that the broadband is down can they help me fix it. This is especially good if they're "calling from my ISP." They've never been able to help sadly which is rubbish from "my ISP".

      Since ditching the landline number I get less of these calls.

  5. amanfromMars 1 Silver badge

    And in the Other Corner we have ..........

    In its post the gang complained that ST Engineering's ransom negotiator "lied" before declining to take part in "further negotiation" with them, promising: ...

    The suspicion there then is the ST Engineering's ransom negotiator is in the pay/pocket of others with an altogether different agenda?

    Current British government advice is never to pay a ransomware demand: it not only encourages and enriches the crooks but there's no guarantee that they'll delete your data as they promise.

    :-) That's rich ..... coming as it does from an operation that thinks to extract taxes from every Tom, Dick and Harriett and their employers to enrich themselves with a presumed immunity and impunity from investigation and prosecution/persecution.

    And when one can't or won't pay, praise be for the Magic Money Tree and the Quantitative Easing Slug Drug ...... A Bottomless Pit of Phantom Paper Help Billed to the Future for Something/Someone Else to Pick Up the Tab and Pay with More of the Same Sort of Mega Meta Data Base Bull Shit?

    However, not a particularly bright plan that one, whenever it relies so heavily on ignorant schmucks always playing such a dumb game ...... whenever greater intelligence today is virtually free and available practically everywhere for a more enlightened race/more enlightened races on Earth, highlighting the perversion and catastrophic systemic vulnerability being exhaustively exploited, abused and misused.

    1. Plest Silver badge
      Facepalm

      Re: And in the Other Corner we have ..........

      Throw a few references to Brexit and the handling of COVID-19 and you got yourself big old Daily Fail NIMBY style rant going there my friend!

      1. amanfromMars 1 Silver badge

        Re: And in the Other Corner we have ..........

        Throw a few references to Brexit and the handling of COVID-19 and you got yourself big old Daily Fail NIMBY style rant going there my friend! .... Plest

        That's low hanging fruit for plebs dealing with the present, Plest, and of no interest to that and/or those into futures and their derivative ventures.

        Ignore what you now know at your peril, Plest, for it is designed to effectively enslave and inevitably destroy you as you feed it its seeds and needs ....... which is another one of those real dumb moves the systems administrators thank you for.

      2. Youngone Silver badge

        Re: And in the Other Corner we have ..........

        That's amanfromMars 1 you're replying to.

        I am pretty sure he's some sort of AI, although that screed is much more comprehensible than usual.

        Weirdly libertarian though which is new.

      3. Anonymous Coward

        Re: And in the Other Corner we have ..........

        Don't forget to mention how much their house cost!

    2. Anonymous Coward

      Re: And in the Other Corner we have ..........

      Note to El Reg: 'amanfromMars' has had his account hijacked, it's obviously far more lucid than anything he has posted before and is dangerously close to Daily Fail mindset.

  6. BebopWeBop

    Keep talking bar stewards, it improves the chances of finding you.

  7. Pascal Monett Silver badge
    Flame

    Another key consulting firm gets hacked

    Look, I appreciate that they told these miscreants to get stuffed, but how's about having proper security in the first place ?

    Why is it that all these consulting firms with critical data seem to find the way to install "advanced tools" to magically solve their incompetence after the fact ?

    How about installing those damn "advanced tools" before you get hacked ?

    And what exactly are those "advanced tools" ? A firewall ?

    1. robidy

      Re: Another key consulting firm gets hacked

      Usually basic patch management...it's how most get a foothold...that or SQL injection on a shonky web site...

    2. Jan 0 Silver badge

      Re: Another key consulting firm gets hacked

      COW: What happened to frequent read only snapshots of your data?

    3. KSM-AZ

      Advanced Tools

      A lucky hit on google chrome, grab the password file for an admin, ... Have snapshots and backups people! Advanced ($$$) tools?

      Next gen threat protection:

      CrowdStrike

      Carbon Black

      Cylance

      High dollar firewall:

      PA firewall with SSL inspection.

      Email / MIME defang and mask:

      Proof-point / Mimecast / Barracuda

      Log and traffic monitoring:

      Splunk, third party active monitoring, Arctic wolf, crowdstrike again.

      Implement MFA. This is huge for phishing.

      Most smaller companies have plenty of gaps in just this short list.

    4. Anonymous Coward

      Re: Another key consulting firm gets hacked

      Sounds like that theory on the internet a few years ago, that virus software was written by AV companies to push sales!

  8. Aussie Doc
    Black Helicopters

    Hmmmm...

    I'm new to this criminal mastermind stuff but wouldn't it hurt your 'brand' if you didn't actually carry out your threat(s) rather than extend it.

    Sort of like: "We've done <this thing> to your data. If you don't pay <these $> by <this time> we'll do <this thing> to/with your data."

    When negotiations 'break down' then you carry out said <this thing> or how would anybody take your brand seriously?

    Would be laughable if it wasn't so serious and detrimental, but I agree with the commentards about one day upsetting the wrong folks.

    1. amanfromMars 1 Silver badge

      Re: Hmmmm...

      That's exactly what the wrong folk are terrified of, Aussie Doc, criminal mastermind stuff being carried out or outed rather than merely threatened in exchange for luscious lucre/fantastic fiat.

      As such then, is it easily recognised and may even be classed and classified as a weaponised 0day vulnerability to exploit exhaustively against which there is no effective available defence.
