Maze Hacker Group Claims Infecting Insurance Giant Chubb with Ransomware

Black hat hacker group, Maze, claims to have used ransomware to compromise the systems of insurance giant, Chubb. They also claim to have stolen the firm’s data.

Brett Callow, threat analyst at cybersecurity firm, Emsisoft, told Cointelegraph on March 27 that Maze published the claim on its website. While the website does not provide any direct proof of the hack so far, Callow pointed out facts that give the claim an air of credibility:

“Maze’s past victims include governments, law firms, healthcare providers, manufacturers, medical research companies, healthcare providers and more.”

Maze’s modus operandi

Callow explained that the group usually first claims the hacks after successful attacks and then — if the victim does not pay — they publish a small amount of the stolen data as proof of the hack. At this point, if the compromised entity still does not pay, Maze will start publishing more and more sensitive data:

“Should the company still not pay, more data is published, sometimes on a staggered basis, to ramp up the pressure. In previous cases, the criminals have also published the data on Russian cybercrime forums with a note to ‘Use this information in any nefarious ways that you want.’ In one previous incident, the group demanded $1 million to decrypt a company’s data plus an additional $1 million to destroy the copy that had been stolen.”

In February, Maze compromised five United States law firms and demanded two 100 Bitcoin ransoms in exchange for restoring data and deleting additional copies of their files. The ransom amount demanded from Chubb is not currently known.

According to company data website, Owler, Chubb is an insurance provider headquartered in Zurich with 32,700 employees and an annual revenue of $34.2 billion. The firm did not answer Cointelegraph’s inquiry by press time.

An organized hacker group

Maze is a particularly notorious and well-organized cybercriminal group. Callow also told Cointelegraph that “Maze was the first ransomware group to steal and publish data, and it is a strategy that other groups have since adopted.”

Maze also publishes press releases on the same website where stolen data is published. Those announcements closely resemble the statements released by ordinary companies, although they often contain grammatical errors. In one such press release — published on March 22 — the group claims that it carries on its activities in an attempt to bring attention to the lack of cybersecurity. The release reads:

“We want to show that the system is unreliable. The cybersecurity is weak. The people who should care about the security of the information are unreliable. We want to show that nobody cares about the users. […] Some people like Julian Assange or Edward Snowden were trying to show the reality. Now it’s our turn. We will change the situation by making irresponsible companies pay for every data leak.”

The announcement also promises that the public will hear more about successful attacks by the group in the future. In another announcement — dated March 18 — the Maze group also promised that firms they hack amid the pandemic will have right to a discount in the ransom:

“Due to the situation with the incoming global economy crisis and virus pandemic, our Team decided to help commercial organizations as much as possible. We are starting an exclusive discount season for everyone who has faced our product. Discounts are offered for both decrypting files and deleting of the leaked data. To get the discounts our partners should contact us using the chat or our news resource.”

As Cointelegraph recently reported, Maze also infected the systems of Hammersmith Medicines Research, a United Kingdom firm researching the coronavirus. Maze published sensitive data on its website including the results of medical tests and id documents, such as passports.