Maze Ransomware Sued For Publishing Victim's Stolen Data (Jan 2, 2020)
Southwire, a wire and cable manufacturing company located in Georgia, is suing the anonymous operators behind the “Maze” ransomware. The company was attacked in December 2019, with 120 GB of data stolen and then published when Southwire did not pay a ransom of six million dollars. The lawsuit seeks damages against the Maze operators for encrypting and publishing the company's data. Although the operators are unknown, should the government retrieve monetary damages, Southwire could be privy to an amount. The lawsuit also seeks injunctions against websites such as World Hosting Farm Limited, an Irish web hosting company that hosted the Maze news site and the published Southwire data.
Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different media, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies, who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.