Southwire, one of the largest manufacturers of cabling and wire in the United States, has taken legal action against the unknown individuals behind a ransomware attack on its network and against an internet service provider hosting a website where its stolen data has been published.
The threat actors infiltrated Southwire’s network in December 2019, stole 120 GB of company data, and then deployed Maze ransomware on 878 computers. A ransom demand of 850 Bitcoin ($6 million) was issued. In return for payment, the keys to decrypt the computers would be supplied, and the threat actors claimed they would return the stolen data. When the ransom wasn’t paid, some of the stolen data was published on a newly created website called mazenews[dot]top. The website was hosted with an Irish internet service provider with addresses in Cork and Dublin.
Southwire sought an emergency High Court injunction against two Polish nationals and the ISP, World Hosting Farm Limited, to have the data removed and to prohibit the publication of any more Southwire data. The injunction was granted on December 31, 2019.
Southwire also attempted to block the media from publishing its name in connection with the court case, as it claimed that this would help the threat actors behind the attack; however, that request was not granted by Ms. Justice Mary Rose Gearty.
The company and individuals against whom the injunction was granted are connected to the IP address of the website, although it was not alleged that they played any role in the cyberattack. Southwire had tried to contact the two Polish nationals and the owner and director of the ISP to ask them to cease and desist from publishing the stolen data, but said it had received no response.
Interestingly, Southwire is also taking legal action against the unknown individuals behind the cyberattack. A lawsuit was filed in the Northern District of Georgia against the operators of the ransomware seeking injunctive relief and damages under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, and the common law of trespass to chattels. It is understood that the lawsuit was filed in order to obtain monetary damages from the U.S. government in the event that any funds are recovered from the attackers.