Suspected Maze Ransomware Attack Disrupts Major US Wire Manufacturer
North America's largest wire and cable manufacturer is reeling after falling victim to a cyber-attack on Monday.
Manufacturing and shipping were disrupted at Southwire Co. after the discovery of suspicious activity on the organization's computer network prompted a company-wide shut down.
Some critical systems were brought back online early as Tuesday morning, however five days on from the attack, Southwire has been unable to fully resume normal business operations.
In a letter sent to the company's partners on December 11, Southwire president and CEO Rich Stinson said: "Southwire learned Monday morning that its network was affected by a cyber incident. After receiving a notification from our security monitoring system about suspicious activity on our network, we immediately implemented a self-quarantine and began a full investigation with our cyber security partner to assess the situation."
"Although many of our locations remained operational throughout the quarantine period, certain functions were impacted, and we apologize for the inconvenience this disruption has caused to our valued employees, customers and community and industry partners."
Southwire, which is based in Carrollton, Georgia, has been in business for almost 70 years and employs 7500 people. In a bitter dose of irony, the company produces wire for the very electrical lines that threat actors may have used to mount an attack against Southwire.
The company has not revealed the exact nature of the cybersecurity incident, which is currently under investigation.
On a web page specially created to answer queries regarding the attack, Southwire wrote: "We are in the very early stages of this process, but a full investigation is underway to determine what – if any – information was accessed. Southwire is working closely with its cyber security partner to assess the situation and its impact."
A Reddit user, claiming to be an employee at Southwire's Rancho Cucamonga plant in California, posted an image of a ransom note which implies that the company was attacked by Maze ransomware.
In the note, threat actors state that company data has been exfiltrated and encrypted. A ransom of 850 bitcoins – roughly $6.1 million – is demanded for the safe return of the stolen data. Failure to pay will result in the publication of the stolen data.
Source: Information Security Magazine