Maze ransomware strikes again.
This time, the victim is a tech company, prominent chipset manufacturer MaxLinear.
Maze ransomware: to pay or not to pay?
The chip manufacturer says it will not pay the ransom. Perhaps part of the reason is the relatively small impact on its operations.
Here is the company's SEC statement about the attack.
"The ransomware attack has not materially affected our production and shipment capabilities, and order fulfillment has continued without material interruption. We have no plans to satisfy the attacker's monetary demands."
MaxLinear remained firm even as Maze began to leak "teaser" documents it stole during the attack to increase payment pressure, a common tactic used in this form of ransomware:
"On June 15, 2020, the attacker released online certain proprietary information. We have engaged a third party capable of safely evaluating information posted on malicious websites to advise us with respect to the content of the information posted."
According to the report, MaxLinear is helped by the fact that it has cyber insurance, which lessens the cost of incident response and lessens the blow for investors:
"Although we have incurred and will incur incremental costs as a result of forensic investigation and remediation, we do not currently expect that the incident will materially or adversely affect our operating expenses. We carry cybersecurity insurance, subject to applicable deductibles and policy limits. We have also engaged with the appropriate law enforcement authorities."
Maze ransomware attacks and the rise in nuclear ransomware
SecureWorld has covered a number of Maze ransomware attacks this year, which some call "nuclear" type attacks.
It is considered nuclear because Maze does more than encrypt systems and data on networks, it exfiltrates data and files to use as leverage to extract payment from the victim.
SecureWorld News reported on Cognizant's run-in with Maze, which is an example of this.
In a conversation with Roger Grimes of security awareness firm KnowBe4, he discussed the dangers associated with nuclear ransomware:
"They are going to determine your company's crown jewels and take it. And then if you decide you're not going to pay the ransom right away, they're going on either your website or a public website or blog they've set up and saying we have the data.
We have this much data and this much information, it has customer data, employee data, we have everybody's passwords. And if you don't pay up, we're willing to release this because that company, because Roger Grimes, Roger Grimes Incorporated, is not paying the ransom. We're going to release all the data and give it to his competitors very publicly."
Many companies are paying the ransom, as a result.
But it looks like that technique is failing to work on MaxLinear at this point.