Maze behind Pensacola ransomware attack

Maze was behind the ransomware attack on the City of Pensacola that began early Saturday morning, and its operators have demanded a $1 million ransom to provide the municipality with a decryptor.

The Maze operators, who typically threaten to publish files online if victims don’t pony up, said in a Bleeping Computer report that the attack was not related to a mass shooting at the Naval Air Station Pensacola the day before.

"We also must tell you that there is no any connections with the shooting event that occurred before running maze,” the report cited them as saying. “We did not know about this. It is just coincidence."

Pensacola confirmed that the incident was indeed a ransomware attack but declined to provide details, saying only that the city’s systems are coming back up.

“We are currently in an assessment and recovery mode, and our IT Department is continuing to work diligently to make sure all computers are free of any viruses before we reconnect them to the network,” the report cited a spokeswoman as saying in a statement. “We don’t have an estimated time of completion, but they are working to restore services as quickly as possible. As IT works to restore services, they are also looking into bringing experts in to assist with evaluating any potential impacts to data.”

She noted the “email servers are back up, but since IT still has our computers disconnected from the network, city employees only have limited access to email (via smartphone for employees who have city cell phones). Most landlines have been restored.”

Although the city is operational, she said, “we are somewhat limited since we aren’t able to use our computers or internet until these issues are resolved. Emergency dispatch and 911 services were not impacted and continue to operate.”

In an update posted on the city’s website, the IT department said “online bill payments for Pensacola Energy and Sanitation Services are now available; Pensacola Energy is operational, but the call center is not fully restored yet; [and] the majority of our servers are restored, and IT is working to get computers up and running in each department.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.