Data of Southwire Company, North America’s largest wire and cable producers was released by Maze ransomware.
In December 2019, Maze ransomware operators attacked Southwire by infecting 878 systems on the network and stole 120 GB of files.
Maze then demanded $6 million in bitcoins or they would publicly release Southwire’s stolen files, but the company refused to pay the ransom.
When Southwire did not make a payment, the Maze operators uploaded some of the company’s files to a “News” site that they had created to embarrass the victims who refuse to pay the ransom. They had published the list of 8 companies that allegedly refused to pay the ransom.
“Represented here companies do not wish to cooperate with us and trying to hide our successful attack on their resources. Wait for their databases and private papers here. Follow the news,” on the site, the Maze states.
“The website includes data related to the infection, including the data of the attack, some stolen documents (Office, text and PDF files), the size of stolen data, and the list of IP addresses and machine names of the infected servers,” stated security affairs.
Southwire registered a lawsuit against Maze in Georgia courts on December 31, for stealing data, accessing their systems, encrypting computers, and publishing stolen data after a ransom was not paid and won their case.
The hackers plan to release 10% of the data every week unless the ransom is paid.
“But now our website is back but not only that. Because of south wire actions, we will now start sharing their private information with you, this only 10% of their information and we will publish the next 10% of the information each week until they agree to negotiate. Use this information in any nefarious ways that you want,” post published by Maze operators.
Southwire now needs to evaluate if it is better to pay the ransom rather than to sustain greater costs for data being exposed.
Companies should never pay a ransom as it only encourages hackers to continue with this behaviour.
You may be interested in reading: ASP.NET Hit by Ransomware