A well-known company accuses the hackers behind the Maze ransomware of illegally accessing its network, stealing data, encrypting computers and publishing the stolen data after the ransom was not paid.
The plaintiff is Southwire, a leading cable manufacturer from Carrollton, Georgia, which fell victim to the hackers in December 2019. In that attack, the attackers allegedly stole 120 GB of data and encrypted 878 devices.
Southwire did not pay the ransom of 850 bitcoins, or $6 million, so the Maze hackers posted some of the stolen data on a "news" site they had created.
This site is hosted by an internet service provider in Ireland, which Southwire says it has contacted repeatedly without receiving a response.
Southwire sues Maze creators
On December 31, 2019, Southwire filed a lawsuit against Maze in the Northern District of Georgia, USA, and sought injunctions against the provider in Ireland for hosting the Maze news site and the stolen files.
In the civil lawsuit, Southwire seeks injunctive relief and compensation from the Maze hackers for encrypting its network and publishing data stolen during the ransomware attack.
“This is a lawsuit for damages and interim measures against the defendant stemming from the Electronic Fraud and Abuse Act and the common law breach of mobile communications, confidential business information and other sensitive information. The defendant then demanded several million dollars to keep the information private, but after Southwire declined to repay it, the defendant posted some of Southwire's confidential information on a public website that he controls.”
While it may seem odd to file a lawsuit against the Maze hackers, several lawyers said the move was intended to strengthen the company's legal position so that it can receive compensation if the government recovers the money. The action can also act as a deterrent for any US-based hosting provider or organization that publishes data stolen by Maze.
“The United States Penal Code states that any person who has suffered injury or loss due to a breach may take legal action against the offender to obtain compensation.
The accused violated the Electronic Fraud and Abuse Act by knowingly and intentionally accessing Southwire's protected computers without permission or beyond any warranty.”
Two exhibits are included in the lawsuit: the letter demanding the ransom and an image that probably depicts the data stolen by Maze.
Southwire is seeking interim relief in Ireland
A Southwire consultant has sought injunctions in Irish courts against the company hosting the Maze news site and the stolen records.
According to sources, Southwire has repeatedly asked World Hosting Farm Limited, the web hosting company that hosts the Maze news site, to remove its stolen data but has never received a response.
Because of this, the company has applied for interim measures against the parties involved.
“The measures require defendants to remove all data related to Southwire and its customers from the website. It also obliges the defendants to hand over all data stolen from Southwire and to guarantee that nothing relevant will be published online or anywhere else.”
The interim injunctions were partially granted, but the court did not prevent the media from mentioning the victim's name in their petition.
It is not known whether the Maze team will try to host its news site with another hosting provider or move it to Tor, where it would be much more difficult to take down.
Legal action is a risky move by Southwire, as it could lead Maze hackers to release all the stolen data and not just some files.
"This is a bold but dangerous move by Southwire, which could push the Maze team to release all of the company's data, while deleting the site could lead to a constant hunt in which the data is published in other, possibly better-known locations," said Emsisoft analyst Brett Callow.
With the Maze hackers appearing eager to publicize their actions and the stolen data, this is a move that could lead to more data being published.