Maze Ransomware Gang Hits ST Engineering US Subsidiary

The notorious Maze ransomware gang has recently carried out a ransomware attack against the US subsidiary of a Singapore-based defense contractor. The company in question is VT San Antonio Aerospace, a subsidiary of ST Engineering, working with governments and government agencies such as NASA.

ST Engineering is a global maritime, smart city, aerospace, and defense contractor that has more than 23,000 employees worldwide. Ed Onwe, general manager and vice president of VT San Antonio Aerospace, commented on the breach, saying that the Maze group had gained entry into the company's network and managed to encrypt several systems successfully.

Neither the exact time of the attack nor the extent of the damage was revealed, but Mr. Onwe commented to The Straits Times:

"Our ongoing investigation indicates that the threat has been contained, and we believe it to be isolated to a limited number of ST Engineering's US commercial operations. Currently, our business continues to be operational."


The company has informed both affected customers and law enforcement about the incident and has retained the services of forensic advisers. Despite these measures, the Maze ransomware gang has already started publishing samples of stolen data on their data-leaking website. The leaks have been confirmed by several security experts, with Maze claiming that they have their hands on about 1.5TB of sensitive data.


Post on Maze's news website, naming ST Engineering as one of their victims. Source: Cyble

The Maze ransomware gang was one of the first threat actors to exfiltrate the data that they encrypt, using it as further leverage for getting their ransom payment. The tactic was quickly adopted by other cybercriminal gangs, as it proved to be quite persuasive and useful against companies that have properly backed up their systems.

In one such attack from earlier this year, the operators of the DoppelPaymer ransomware stole 200GB of data from the city of Torrance, California, demanding a $700 thousand ransom in bitcoin. But the most significant ransomware attack this year was the work of the REvil/Sodinokibi ransomware gang, who hit Grubman Shire Meiselas & Sacks, a major New York-based law firm that represents a number of A-list celebrities. The hackers demanded a ransom of $42 million, claiming that they had their hands on Trump's "dirty laundry".
