Early on Monday morning, the wire and cable manufacturer Southwire was hit with Maze ransomware. The threat actors behind Maze, whom security researchers refer to as TA2101, are demanding around $6 million. The TA2101 actors also stole data from Southwire when the ransomware encrypted everything. If the ransom is refused, not only will the data on the network be lost, but the TA2101 actors are also threatening to release the stolen data to the public.
TA2101, the actors behind Maze, have been carrying out phishing campaigns impersonating government officials. Often, the phishing emails include an attached Microsoft Office file that contains macros to deliver the malware. Investigating all emails before enabling macros will help prevent infections from these types of campaigns. Users should always confirm that the document actually originates from a government email address, and proceed with caution. Additionally, investing in a data loss prevention (DLP) proxy solution can help prevent the exfiltration of some types of sensitive data, provided that the data isn’t encrypted in a way that the DLP solution can’t inspect.
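The two checks described above (where the message claims to come from, and whether its Office attachment carries macros) can be automated at triage time. The following is an added example, not code from the original article; the `.gov` suffix list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
TRUSTED_SUFFIXES = (".gov",)  # assumption: replace with the government domains you deal with

def has_macros(data: bytes) -> bool:
    """OOXML file with a VBA project, or a legacy OLE file (macro-capable, so flagged)."""
    if data.startswith(OLE_MAGIC):
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container, so not an OOXML document

def triage(raw: bytes) -> dict:
    """Report the From domain and any macro-capable attachments in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    macro_files = [p.get_filename() for p in msg.iter_attachments()
                   if has_macros(p.get_payload(decode=True) or b"")]
    # The From header is forgeable, so a matching domain is necessary, not sufficient;
    # SPF/DKIM/DMARC results still need checking. Any macro attachment is held.
    return {"from_domain": domain,
            "trusted_sender": domain.endswith(TRUSTED_SUFFIXES),
            "macro_attachments": macro_files,
            "hold": bool(macro_files)}

def build_sample() -> bytes:
    """Constructed test message: a .docm whose zip holds a stub vbaProject.bin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"stub, not real VBA")
    msg = EmailMessage()
    msg["From"] = "Tax Office <notice@tax-office.example>"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Refund notice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="notice.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```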