‘Maze’ ransomware threatens data exposure unless $6m ransom paid – Naked Security


What’s the most effective way to fight back against a large ransomware attack?

Normally, the answer would be technical or organisational, but a new type of ransomware called Maze seems to have stirred up a very different response in one of its recent victims – bring in the lawyers and try to sue the gang behind it.

The victim this time was US cable and wire manufacturer Southwire, which last week filed a civil suit against Maze’s mysterious makers in Georgia Federal court.

The filing mentions a big attack involving Maze, which we know from the company’s Twitter account happened on 11 December 2019.

Given that the attackers are unknown – referred to only as “John Doe” in legal filings – this might sound like a fool’s errand. But it seems it was the way the ‘Maze Crew’ attempted to extort Southwire that led to such unorthodox tactics.

According to Bleeping Computer, the sum demanded from Southwire was 850 Bitcoins, equivalent to around $6 million.

That sounds like a lot to charge for supplying some encryption keys to unlock scrambled data, but the demand was backed by a second and more sinister threat – if the sum wasn’t paid, the data would be released publicly.

That ransomware attackers can steal as well as encrypt data isn’t a new phenomenon, but the possibility that sensitive data might be revealed to the world is potentially more damaging than any short-term disruption caused by the malware.

And yet, despite the seriousness of this threat, it seems that Southwire declined to pay.