[BreachExchange] Maze Ransomware operators leak 14GB of files stolen from Southwire

[Destry Winant]

https://securityaffairs.co/wordpress/96334/cyber-crime/maze-ransomware-southwire.html

The Maze ransomware gang has released 14GB of files that they claim
were stolen from one of its victims, the Southwire cable manufacturer.

The victims of the Maze Ransomware are facing another risk, after
having their data encrypted now crooks are threatening to publish
their data online.

The Maze ransomware also implements data harvesting capabilities,
operators are threatening to release the data for all those victims
who refuse to pay the ransom.

The operators behind the Maze ransomware have set up a website where
they have published the list names of eight companies that allegedly
refused to pay the ransom.

The website includes data related to the infection, including the date
of the attack, some stolen documents (Office, text and PDF files), the
size of stolen data, and the list of IP addresses and machine names of
the infected servers.

In December, Maze ransomware operators have released 2GB of files that
were allegedly stolen from the City of Pensacola during the recent
attack.

According to BleepingComputer that first confirmed the involvement of
the Maze ransomware in the attack against the City of Pensacola,
crooks demanded a $1 million ransom to decrypt the victim’s files.

The Maze operators released 2GB out of 32GB of files that they claim
to have stolen during the attack on the city network.

The gang has now released an additional 14GB of files that they claim
were stolen from one of its victims, the Southwire cable manufacturer.

The attack against the company took place in December, the hackers
infected 878 systems on the company network and stole 120GB of files.

The Maze gang demanded $6 million worth of bitcoins to avoid the leak
of Southwire’s stolen files, but the company refused to pay the
ransom.

Then Maze operators uploaded some of the company’s files to its web site.

Southwire filed a lawsuit against Maze in Georgia courts for illegally
accessing their network, stealing data, encrypting computers, and
publishing the stolen data after a ransom was not paid.

The company asked the web hosting provider who was hosting the Maze
site to shut down it.

The Maze operators released an additional 14.1GB of stolen files
belonging to Southwire on a Russian hacking forum and announced that
they plan to release 10% of the data every week unless the ransom is
paid.

“But now our website is back but not only that. Because of southwire
actions, we will now start sharing their private information with you,
this only 10% of their information and we will publish the next 10% of
the information each week until they agree to negotiate. Use this
information in any nefarious ways that you want”, states the post
published by the Maze operators.

At this point, Southwire executives need to evaluate is it is better
to pay the ransom to avoid to sustain greater costs for data being
exposed.