The Maze ransomware gang is so extensive and active right now that we have to select which stories to report and which ones to leave aside. One of their most prominent recent breaches involves the “Hoa Sen Group” (HSG), a big steel sheet manufacturer in Southeast Asia. The malicious actors have already leaked several pieces of sensitive information to initiate their typical extortion process. The demanded ransom is unknown, but considering the size of HSG, it must be an astronomical figure.
The Hoa Sen Group is one of the largest steel sheet manufacturers in Southeast Asia, employing 7,100 people across 343 locations, with a yearly revenue of $1.18 billion. Maze managed to break into HSG’s systems and steal about 33 GB of data. At this stage, the group has leaked 1.64 GB of sensitive information, including files that expose the company’s employees.
There are pictures of HSG employees, a large number of employment letters, resumes, academic documents, identity cards, etc. Cyble discovered the data by roaming around the usual Maze portals, so here are some screenshots of the leaked data.
In parallel, another handle of Maze breached the American marine construction service provider “Manson,” which hasn’t disclosed the incident publicly yet. This report comes from Shadow Intelligence, which found the associated data dump along with a note stating that it’s the entire (100%) stolen dataset. Manson cannot compare in size to HSG, but it is still a large entity employing 700 people with annual revenues of $369 million.
The fact that Maze proceeded to release the full dump, though, is an indication that the extortion procedure didn’t go the way the actors hoped for, so they just published everything as a punishment.
Maze is one of the most troubling ransomware families out there, along with REvil, Netwalker, and DoppelPaymer, hitting victims with file encryption and data leak extortion. Especially for large firms like the Hoa Sen Group, plugging all potential entry points and securing their entire attack surface is a difficult feat.
Malicious actors are going after these behemoths since one successful attack could make them enough money to never engage in this activity again. This is why these firms receive multiple knocks daily and can’t just pay their way to peace of mind.