Hackers Maze release four files of alleged Chubb data


Ransomware group Maze has published four sets of data labelled as “proof” of its hack of insurance giant Chubb.

The hackers first claimed to have penetrated the provider with a crypto-ransomware attack in March and threatened to publish data if payment demands were not met. They promised to publish what they defined as proof in due course.

At the time Chubb said it was investigating a computer security incident that may have involved unauthorised access to data held by a third-party service provider, but had no evidence the incident affected its network.

The released files purporting to have come from the attack on Chubb have been organised into categories labelled as document, email messages, payment gateway code and user details the largest of which runs to just under 120 lines.

According to Brett Callow, a threat analyst at antivirus and decryption solutions company Emsisoft, hackers tend to start with publishing older and less sensitive material.

Callow noted that he could not say whether the documents in this instance provided any insights as to the possible extent of any breach.

“If you think about it that strategy makes sense,” he told Post. “The more data they publish and the more sensitive that data is the less incentive the victim would have to pay to prevent the remaining data being published.”

He added: “This is simply a warning shot, they don’t have to publish much data at this point.

“All they need to do is convince the company they have it. It is like a kidnapper sending a pinky finger.”

Maze first appeared around the middle of last year, according to Callow, and the hackers did not start publishing stolen data until November.

“They were the first to do it but numerous others have now jumped on the same bandwagon and it is pretty much a standard practice,” he commented.

In his view cyber incidents are worse now than they used to be with breaches leading on occasion to data being sold on dark web.

He detailed that in some cases the impact goes beyond the target company with information sold to competitors or used in spear phishing attacks on clients.

Callow explained that hackers can have access to a victim’s network for days, weeks or even months before deploying the ransomware.

“Companies in this position have no good option,” Callow continued pointing out that even if a ransom is paid the victims are having to trust that criminals delete the data rather than monetise it another way.

How much Maze charges depends on how much they think the victim can afford to pay, he said, putting previous cases at up to $2m (£1.6m).

Chubb, which has been a highly visible participant in the cyber insurance market for many years offering cover to individuals, SMEs and larger corporations, did not respond to requests for comment.

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.postonline.co.uk/subscribe

You are currently unable to copy this content. Please contact [email protected] to find out more.

You need to sign in to use this feature. If you don’t have an Insurance Post account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: