Maze Ransomware Demands $6 Million Ransom From Southwire

Maze Ransomware Demands $6 Million Ransom From Southwire

Maze Ransomware Demands $6 Million Ransom From Atlanta Company

Maze Ransomware attackers claim responsibility for another cyber attack, this time targeting Carrollton, Georgia’s leading wire and cable manufacturer Southwire Company, LLC (Southwire).

According to press release published in January 2019, Southwire is one of North America’s leading wire and cable manufacturers, “building wire and cable, utilities, metal-clad cable, portable and electronic cable products, OEM wire products and engineered products.”

In May, Malwarebytes security researcher Jérôme Segura discovered Maze Ransomware, a version of Chacha Ransomware. Since May 2019, the malware strain has become more and more aggressive.

Its affiliates are also becoming more and more notorious, with ProofPoint identifying one after observing them as the TA2101 threat actor while carrying out various malspam campaigns that impersonate government agencies.

$6 million ransom

The demand for the ransom is 850 BTC, which amounts to around $6 million. The ransom note also states, as usual in the case of Maze Ransomware, that company information was also exfiltrated, ready to be released if the ransom is not paid.

The team denied reports of $9 million ransom which began on Reddit in an email conversation with BleepingComputer and also sent evidence that Southwire’s information were stolen from their servers.

One of Southwire’s employees working at the Rancho Cucamonga plant also shared the ransom note planted on the company’s encrypted systems.

 

Southwire ransom note
Southwire ransom note

Maze ransomware operators recently claimed variety of other attacks including one on the City of Pensacola, Florida, which came with $1 million ransom, and another one that affected security staffing firm Allied Universal, which was asked to pay $2.3 million to decrypt their network.

The Southwire ransomware attack

Last Monday, Southwire was struck by the ransomware attack which disrupted companywide computing.

According to a statement from Atlanta Business Chronicle, the company’s IT team began to get affected systems back up one day after the event occurred.

“We immediately self-quarantined by shutting down the entire network,” Jason Pollard, vice president of Talent Acquisition and Communications for the wire manufacturer told the Chronicle.

“The incident did cause some disruption in our ability to make and ship our products,” he also added. When asked if the company reported the ransomware incident to law enforcement agencies, Pollard stated that Southwire is “considering all avenues that may assist us with this investigation.”

Southwire has more than 7,500 employees and had $6.1 billion in revenue in 2018, up from the previous $5.5 billion in 2017. The wire maker is also on Forbes’ list of the largest private companies in America.

Posted on