Maze ransomware gang threatens to publish sensitive stolen data after US aerospace biz sensibly refuses to pay

Bungling cybercrooks throw toys out of the pram as negotiations shut down

The Maze ransomware gang has threatened to publish information stolen from an American firm that overhauls airliners and installs flight control software upgrades – because its victim refused to pay a demanded ransom.

In a "press release" published on its leaks website, Maze raged against victims who refused to play its game and cough up vast sums of money to decrypt their illicitly encrypted data.

Among those recent targets was VT San Antonio Aerospace, a maintenance, repair and overhaul (MRO) company in Texas. A subsidiary of ST Engineering, VT San Antonio was said to have lost 1.5TB of data to the Maze criminals. Its MRO customers include Air Canada, Fedex and UPS Airlines.

Earlier this week the Maze gang highlighted ST Engineering for not paying the ransom, a sensible action that busts the gang's business model.

'Work pressure' sees Maze ransomware gang demand payoff from wrong company


In its post the gang complained that ST Engineering's ransom negotiator "lied" before declining to take part in "further negotiation" with them, promising: "Soon it will be the time for weapon contacts, contracts for alteration of airplanes for first persons, contracts with dictatorship countries, contacts for cybersecurity systems for government structures. We just can't understand what cybersecurity they are talking about as they have an Australia size security hole in their security perimeter."

Ed Onwe, veep and general manager of VT San Antonio Aerospace, told The Register that local authorities had been informed of the ransomware attack as the firm figured out how to respond to the initial infection, adding: "As part of this process, we are conducting a rigorous review of the incident and our systems to ensure that the data we are entrusted with remains safe and secure. This includes deploying advanced tools to remediate the intrusion and to restore systems.

"We are committed to responding to this incident transparently and proactively, and already have begun notifying potentially affected customers. We will be working with our customers and industry peers to share insights and any lessons learned so that they can learn from our experience."

The Maze gang has stepped up its public-facing activities in recent weeks, not without cost to itself. Last week it sent a ransom demand to the wrong company, having mixed up two firms' names. It has also targeted Posh Spice's perfumers and other celebrity lawyers, about whom El Reg will be writing more soon. Its tactics include leaking selected files publicly to apply further pressure to victims, in the hope they pay the demanded ransom, as well as – it now seems – ranting away when they refuse to play the game.

Current British government advice is never to pay a ransomware demand: it not only encourages and enriches the crooks but there's no guarantee that they'll delete your data as they promise. ®

Send us news

Hive ransomware crooks extort $100m from 1,300 global victims

FBI, CISA sound the alarm and detail IOCs

Sandworm gang launches Monster ransomware attacks on Ukraine

The RansomBoggs campaign is the Russia-linked group’s latest assault on the smaller country

Serendipitous discovery nets security researcher $70k bounty

Also, a phishing gang goes Royal, while another employee at Snowden's old haunt gets caught nabbing data

Notorious Emotet botnet returns after a few months off

And it's been sending out hundreds of thousands of malicious emails a day

LockBit suspect cuffed after ransomware forces emergency services to use pen and paper

Plus: CISA has a flowchart for patching, privacy campaign goes after face search engine

Australia to 'stand up and punch back' against cyber crims

Creates 100-strong squad comprising cops and spooks with remit to disrupt ransomware ops

International summit agrees crack down on crypto to combat ransomware

Commitments include international wallet info sharing, KYC requirements, and an AML crackdown

Ransomware cost US banks $1.2 billion last year

Up 188% on 2020 but could be because financial institutions were encouraged to report incidents

The White House's global ransomware summit couldn't come at a better time

As cyber threats ramp up, businesses and organizations will be hoping for more than platitudes

Robin Banks crooks back at the table with fresh phish from Russia

Phishing-as-a-service group's toolset now includes ways to get around MFA

Ransomware down this year – but there's a catch

2021 was such a banner year for extortionists, 2022 is gonna look rosy in comparison

Unofficial fix emerges for Windows bug abused to infect home PCs with ransomware

Broken code signature? LGTM, says Microsoft OS