Update as of 06/19/2020: Maze ransomware operators, who are one of the well-known ransomware groups targeted two well-established organisations and leaked their confidential data on their website.
Previously the Cyble Research Team verified and reported the data leak of seven well-known organisations which were been made by the Maze ransomware group. But in this instance, the ransomware group leaked highly sensitive data and documents of the Provincial Electricity Authority and Mark’s Plumbing Parts. The Provincial Electricity Authority (PEA) is a Thai state enterprise under the Ministry of Interior. Established on 28 September 1960 by the Provincial Electricity Authority Act 1960, PEA is responsible for providing electricity in 74 provinces in Thailand. Since 1980, Mark’s Plumbing Parts has been a supplier of quality plumbing specialty repair parts, faucets, fixtures, and maintenance supplies catering to the institutional, hospitality, educational, and housing markets for over 30 years.
Below are the snapshots of the messages posted by the Maze ransomware operators on their website.
The Cyble Research Team has identified and analysed both the data leaks of around 13GB. The data leak includes the company’s annual audit documents, bank reconciliation statements, goods resale registration docs, invoices, and much more. Below are the snapshots of some of the leaked data of the organisations published online.
We recommend people to:
- Never share personal information, including financial information over the phone, email or SMSs
- Use strong passwords and enforce multi-factor authentication where possible
- Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
- Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
- Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
- People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.
Cyble is a US-based cyber threat intelligence company with the express mission to provide organizations with real-time views of their supply chain cyber threats and risks.