BetUS Hacked by Crypto-Ransomware Group Maze

  • BetUS has become the latest victim of a crypto-ransomware group known as Maze
  • Emails have been compromised, customer details yet to be shared online
  • Sportsbook must pay a ransom in Bitcoin to prevent data being published

 

hacker working on a code
Online sportsbook BetUS has been hacked and is being held to ransom by a self-described crypto-ransomware group known as Maze. [Image: Shutterstock.com]

Sportsbook held to ransom

Popular gambling operator BetUS, a sportsbook incorporated in Curacao, has become the latest victim of a self-described crypto-ransomware group known as Maze. The hacking group is currently holding the sportsbook’s internal data for ransom, although the sum has yet to be disclosed.

The hacking group has released very little information so far, but have offered proof of the hack by publishing almost one gigabyte of data from servers belonging to BetUS. Data includes company files, including minutes of board meetings, and worryingly, passport scans from company executives.

offered proof of the hack by publishing almost one gigabyte of data from servers belonging to BetUS

While customer data has yet to be released, it is understood that the hacking group often publishes files if no ransom money is forthcoming.

Not the only target

While gambling operators have been hacked before, this particular group is quite unique in that it will “name and shame” those it hacks via its own website.

According to the latest update, it seems that BetUS has not been the only target. In recent days the group has also hacked cybersecurity insurance firm Chubb and a French company known as Bouygues Construction.

Both companies have released short statements that acknowledge the hack has taken place, although BetUS is yet to comment.

Maze is most well-known for its attack on Southwire, a prominent cable and wire manufacturer. In December, when the company did not pay its $6m ransom, the group shared more than 120GB of data that they had stolen online. The company managed to get the site taken down, but it was shortly put back online after rehosting via another location.

Group has shown mercy before

However, also in December 2019, Maze showed mercy on the American city of Pensacola, Florida, and decided not to publish the information they had hacked. Instead, they simply left ‘proof’ online that the hack took place.

In a statement the group said: “We are going to make a gift to City of Pensacola: we will not publish leaked private data, but we publish the list of leaked data and hosts to prove that we did it, we really hacked the City of Pensacola.”

Emails also at risk

It is unclear what BetUS will do next. However, according to the Maze website, the hacking group currently controls three of its most prominent emails: [email protected]; [email protected]; and [email protected].

customers with questions for BetUS should avoid emailing those addresses

This means that any customers with questions for BetUS should avoid emailing those addresses above for now. Security experts also advise that when a website is breached, customers should change details on other websites that share the same password.

The company will now expect a payment made in Bitcoin from BetUS, or it intends to publish customer data on its “name and shame” website.

Leave a Reply

Your email address will not be published. Required fields are marked *