Wire and cable manufacturer Southwire is in the recovery phase from a ransomware attack that struck on December 9 knocking a large portion of the company offline.
Published reports state Maze ransomware was the weapon of choice and that the attackers demanded an 850 bitcoin, about $6 million, payment or else the encrypted data would be made public. In a December 11 letter to its customers, the Carrollton, Ga.-based Southwire said its security monitoring systems picked up the attack and immediately implemented a self-quarantine.
“Although many of our locations remained operational throughout the quarantine period, certain functions were impacted, and we apologize for the inconvenience this disruption has caused to our valued employees, customers and community and industry partners,” said Rich Stinson, Southwire’s president and CEO.
Within about 24 hours of the attack the 70-year-old company was able to bring key business systems back online prioritizing manufacturing and logistics functions and enabling staff to return to their jobs. A statement on the incident currently on the company’s site states it is now operating normally and is continuing with its investigation.
Southwire would not confirm that Maze was used in the attack, this information was derived from information posted on Reddit by company workers, according to Bleeping Computer.
“We are aware of public reports connecting our incident and the Maze Ransomware group. The Southwire team continues to work diligently with our cyber security partners to resolve all aspects of what has happened,” the company stated.
Maze was also reportedly used in the ransomware attack on the City of Pensacola on December 7, Bleeping Computer wrote. In that case the city was told to pay $1 million, but the city has provided no further details other than to confirm the attack took place.