Pierluigi Paganini January 13, 2020

The Maze ransomware gang has released 14GB of files that they claim were stolen from one of its victims, the Southwire cable manufacturer.

The victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.

The Maze ransomware also implements data harvesting capabilities, operators are threatening to release the data for all those victims who refuse to pay the ransom.

The operators behind the Maze ransomware have set up a website where they have published the list names of eight companies that allegedly refused to pay the ransom.

The website includes data related to the infection, including the date of the attack, some stolen documents (Office, text and PDF files), the size of stolen data, and the list of IP addresses and machine names of the infected servers.

In December, Maze ransomware operators have released 2GB of files that were allegedly stolen from the City of Pensacola during the recent attack.

According to BleepingComputer that first confirmed the involvement of the Maze ransomware in the attack against the City of Pensacola, crooks demanded a $1 million ransom to decrypt the victim’s files.

The Maze operators released 2GB out of 32GB of files that they claim to have stolen during the attack on the city network.

The gang has now released an additional 14GB of files that they claim were stolen from one of its victims, the Southwire cable manufacturer.

The attack against the company took place in December, the hackers infected 878 systems on the company network and stole 120GB of files.

The Maze gang demanded $6 million worth of bitcoins to avoid the leak of Southwire’s stolen files, but the company refused to pay the ransom.

Then Maze operators uploaded some of the company’s files to its web site.

Southwire filed a lawsuit against Maze in Georgia courts for illegally accessing their network, stealing data, encrypting computers, and publishing the stolen data after a ransom was not paid. 

The company asked the web hosting provider who was hosting the Maze site to shut down it.

The Maze operators released an additional 14.1GB of stolen files belonging to Southwire on a Russian hacking forum and announced that they plan to release 10% of the data every week unless the ransom is paid.

“But now our website is back but not only that. Because of southwire actions, we will now start sharing their private information with you, this only 10% of their information and we will publish the next 10% of the information each week until they agree to negotiate. Use this information in any nefarious ways that you want”, states the post published by the Maze operators.

At this point, Southwire executives need to evaluate is it is better to pay the ransom to avoid to sustain greater costs for data being exposed.

Pierluigi Paganini

(SecurityAffairs – Maze ransomware, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]