Security News

Maze Ransomware hits more organizations, including Florida city one day after air base shooting

Avast Security News Team, 13 December 2019

Plus more news bytes of the week, including a crypto-mining Ponzi scheme and a social influencer sentenced for armed home invasion – over a domain name

The city of Pensacola, Fla. is recovering from a ransomware attack by the Maze group, which shut down the city the day after a shooting at its Naval Air Station. Maze, which has launched other recent U.S. ransomware attacks, told Bleeping Computer the attack was not related to the shooting, which is being investigated by the FBI as possible terrorism. “We did not know about this,” Bleeping Computer reportedMaze as saying. “It is just coincidence."

The Florida panhandle city reported Thursday that it has recovered email and landline phone connections. Emergency services were not affected by the attack, which sought a $1 million ransom, Maze told Bleeping Computer. 

On Monday Maze operators claimed responsibility for an attack against the wire and cable company Southwire, based in Carrollton, Ga., about 300 miles north of Pensacola. Last month Maze hit security staffing firm Allied Universal with another ransomware attack. “There is a wave of ransomware attacks targeting companies and institutions all over the world,” Avast Security Evangelist Luis Corrons said. “These attacks are so disruptive that many victims opt to pay the ransom, making this type of attack really profitable, and therefore the number of victims is growing every day.”

This week’s stat 

Most people say they will get online for work over the holiday break – one-third say they will several times a day. Learn how to stay safe while working remotely. 

Influencer gets 14 years for armed domain robbery scheme

The U.S. Department of Justice issued a press release announcing that Rossi Lorathio Adams II, a 27-year-old social media influencer in Iowa who goes by the online name “Polo,” has been sentenced to 14 years in federal prison for plotting an armed home invasion to coerce the owner of doitforstate.com to transfer the domain name. Adams recruited his homeless cousin Sherman Hopkins, Jr. to perpetrate the home invasion. The victim wrestled the gun from Hopkins hands, shot him, and called the police. Hopkins survived the shooting and was sentenced to 20 years in prison.

DoJ arrests 3 for BitClub Ponzi scheme 

The U.S. Department of Justice has arrested three men for allegedly running a cryptocurrency Ponzi scheme that defrauded investors of $722 million. The men ran a company called BitClub Network, a membership-based organization that allowed users to buy shares of various crypto-mining pools. The DoJ says those pools never existed. Emails between the three BitClub owners revealed that they called their clients “idiots” and “sheep.” All three face charges that could result in prison time as well as fines up to $250,000. Read more on ZDNet

This week’s quote 

“Our business  involves families’ babies, and our goal is for the food, experience, and cybersecurity to be healthy in every way." – Melissa Blake, winner the Avast Sharks Startup Challenge for her company, Sweet Pea Spoons

Over 460,000 Turkish payment cards for sale on dark web

Researchers have spotted a mass batch of stolen credit card and bank card details from Turkey’s top ten banks. Sellers were offloading the card details at costs ranging from $1-$3 per card. The card records are known as “fullz,” which means they contain all pertinent info a user would need to make online payments with them, from name and street address to the CVV number. Read more on Bleeping Computer

North Korea uses cybercrime-as-a-service

The notorious state-backed Lazarus Group in North Korea has deployed a new malware package created by the equally notorious TrickBot malware developers, Dark Reading reported. The revelation is part of a growing trend noted by cybersecurity experts, wherein national governments are more frequently using the services of common malware developers, even getting access to already infected systems that they can then compromise further. Researchers observed the Lazarus Group using the newly developed Anchor, a TrickBot-associated malware that specializes in stealth and data theft.

This week’s ‘must-read’ on The Avast Blog

Ever wonder about the three little numbers on your credit card – and who you shoiuld and shouldn’t disclose them to? Learn all about the card verification value (CVV).

750,000 applications for duplicate birth certificates exposed

A U.K. information security company discovered an unprotected Amazon Web Services bucket online filled with over 750,000 applications for duplicate U.S. birth certificates. The data belonged to a company which has not yet been named, but the information at risk included its customers’ contact information, past addresses, family names, and reasons for requesting the duplicate certificates. The oldest of the applications date back to 2017. Read more on TechCrunch.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.