perm_phone_msgConsider your business risks? Chat With US

Maze Ransomware Demands $6 Million Ransom From Southwire

Ransomware BCyber todayJanuary 20, 2020 114

share close

Maze Ransomware operators claim responsibility for another cyber attack, this time against leading wire and cable manufacturer Southwire Company, LLC (Southwire) from Carrollton, Georgia.

Southwire is one of North America’s leading wire and cable makers, “building wire and cable, utility products, metal-clad cable, portable and electronic cord products, OEM wire products and engineered products” per a press release published in January 2019.

Maze Ransomware, a variant of Chacha Ransomware, was discovered by Malwarebytes security researcher Jérôme Segura in May. The malware strain has become increasingly more active starting with May 2019.

Its affiliates are also increasingly more notorious, with ProofPoint identifying one as the TA2101 threat actor after observing them while conducting various malspam campaigns impersonating government agencies.

$6 million ransom

The ransom demanded is 850 BTC, amounting to approximately $6 million. As customary in the case of Maze Ransomware, the ransom note also says that company data has also been exfiltrated, ready to be published if the ransom is not paid.

In an email conversation with BleepingComputer, the group refuted rumors of a $9 million ransom that started on Reddit ​​​​​​and also sent proof that Southwire data was downloaded from their servers.

“We would like to point out that we noticed this article here. Indeed that was our work, but they say the price is 9 millions USD, this is not true,” they said.

“We do not know who spreads this rumors, the actual price for their network is 850 BTC which is about 6 million USD. We have attached some proofs of their data to this letter.”

One of Southwire’s employees working at the Rancho Cucamonga plant also shared the ransom note planted on the company’s encrypted systems.

Southwire ransom note
Southwire ransom note (/u/Dhiodos)

Maze ransomware’s operators have recently claimed a number of other attacks including one against the City of Pensacola, Florida, that came with a $1 million ransom, and another one that impacted security staffing firm Allied Universal that was asked to pay $2.3 million to have their network decrypted.

The Southwire ransomware attack

Southwire has been hit by the ransomware attack during early Monday and affected computing on a companywide basis.

The company’s IT staff started getting affected systems back online one day later according to an Atlanta Business Chronicle report. Southwire’s website is still down at the time this article was published.

“We immediately self-quarantined by shutting down the entire network,” Jason Pollard, vice president of Talent Acquisition and Communications for the wire manufacturer told the Chronicle.

“The incident did cause some disruption in our ability to make and ship our products,” he also added. When asked if the company reported the ransomware incident to law enforcement agencies, Pollard stated that Southwire is “considering all avenues that may assist us with this investigation.”

The safety of our employees, the quality of our products and our commitment to our customers are critically important to us. Today, we’re bringing critical systems back online, prioritizing manufacturing and shipping functions that enable us to create and send product to our customers. We are dedicated to restoring all systems and bringing all of our employees back to work as safely and as quickly as possible. – Pollard

Southwire has more than 7,500 employees and it had a revenue of $6.1 billion in 2018, topping the previous $5.5 billion from 2017. The wire manufacturer is also on Forbes’ list of America’s largest private companies.

BleepingComputer also reached out to Southwire for additional details regarding the attack but had not heard back at the time of this publication. This article will be updated with updated info when a response is received.

This content was originally published here.

Written by: BCyber

Rate it
Previous post

Similar posts

Ransomware BCyber / October 19, 2020

Ad-light, Malware-heavy # Chris Dzombak

Ad-light, Malware-heavy Since December 17, Forbes has been running an experiment wherein some fraction of visitors who are running ad blockers are blocked from accessing Forbes articles until they disable their ad blocker. In exchange, Forbes promises an “ad-light experience”: A Forbes article published yesterday claims that this interstitial resulted in 42.4% of visitors turning ...

Read more trending_flat