Sportsbook held to ransom
Popular gambling operator BetUS, a sportsbook incorporated in Curacao, has become the latest victim of a self-described crypto-ransomware group known as Maze. The hacking group is currently holding the sportsbook’s internal data for ransom, although the sum has yet to be disclosed.
The hacking group has released very little information so far, but have offered proof of the hack by publishing almost one gigabyte of data from servers belonging to BetUS. Data includes company files, including minutes of board meetings, and worryingly, passport scans from company executives.
offered proof of the hack by publishing almost one gigabyte of data from servers belonging to BetUS
While customer data has yet to be released, it is understood that the hacking group often publishes files if no ransom money is forthcoming.
Not the only target
While gambling operators have been hacked before, this particular group is quite unique in that it will “name and shame” those it hacks via its own website.
According to the latest update, it seems that BetUS has not been the only target. In recent days the group has also hacked cybersecurity insurance firm Chubb and a French company known as Bouygues Construction.
Both companies have released short statements that acknowledge the hack has taken place, although BetUS is yet to comment.
Group has shown mercy before
However, also in December 2019, Maze showed mercy on the American city of Pensacola, Florida, and decided not to publish the information they had hacked. Instead, they simply left ‘proof’ online that the hack took place.
In a statement the group said: “We are going to make a gift to City of Pensacola: we will not publish leaked private data, but we publish the list of leaked data and hosts to prove that we did it, we really hacked the City of Pensacola.”
Emails also at risk
It is unclear what BetUS will do next. However, according to the Maze website, the hacking group currently controls three of its most prominent emails: email@example.com; firstname.lastname@example.org; and email@example.com.
customers with questions for BetUS should avoid emailing those addresses
This means that any customers with questions for BetUS should avoid emailing those addresses above for now. Security experts also advise that when a website is breached, customers should change details on other websites that share the same password.
The company will now expect a payment made in Bitcoin from BetUS, or it intends to publish customer data on its “name and shame” website.