It’s getting uglier out there. Both Maze Team and the DoppelPaymer ransomware teams seem to be attempting to increase coerce on their victims by giving them less time to respond before their call and data get publicly revealed. For its part, although maze Team is clearly active and updating their site on a frequent, if not daily, basis, Maze Team has not replied to a number of queries this site has sent it about the removal of some victims’ names from their site and what that means. so far, only one of their HIPAA-covered victims seems to have reported their tone-beginning to HHS/OCR. DataBreaches.net is monitoring the situation to see if the other victims that Maze team had identified to me in email eventually expose publicly. Most of Maze Team’s victims have not replied at all to inquiries from this site asking them to substantiate or refuse the claimed hacks and none of the victims maze Team identified to me that have not amount forward make any notices on their websites, either. Ironically, perhaps, crossroads Technologies, identified as a breached entity by Personal soupcon home care as the source of their reported breach, does not have any mark on their website about the incident while it continues to publicize its security and assist with HIPAA compliance. Elsewhere, and as noted previously, DoppelPaymer attackers are experimenting with using the same kind of website naming and dumping approach. one of their targets appears to be CD Bank, the online division of Texas-based TBK Bank, SSB. candle cant has not responded to inquiries sent to it on february 27 and on february 28. An inquiry was also sent to TBK bank today through their website. In the interim, the attackers have dumped more of the bank’s data every day, with some files containing personal and financial information of cant customers, as the following redacted screencaps illustrate: Neither the CD cant nor the TBK Bank’s websites give any indication of anything amiss or any cyberattack, and as noted above, neither have confirmed nor refuted any claimed attack. DataBreaches.net decided to name the bank rather than to keep to not epithet it because it’s not crystalise that customers have been notified and with their account information and details exposed online, they should probably live made aware so that they canful protect themselves from SE attacks or other fraud-related attacks. This post may be updated if and when the bank(s) respond.