News

Maze ransomware targets numerous high-profile organizations

VT San Antonio Aerospace and Westech International among Maze ransomware’s victims

9 Jun 2020

Maze ransomware is at it again. The infamous threat has recently been observed targeting the systems of US aerospace services provider VT San Antonio Aerospace (VT SAA).

VT SAA recently disclosed that it suffered Maze ransomware attack, resulting in the exposure of sensitive company data, including contract details with various governments, government-related organizations and airlines.

In all, hackers stole 1.5 TB of data. To accomplish such a feat, hackers accessed a compromised Administrator account via a remote desktop connection and attacked the company's domain controllers, intranet servers and file servers on two domains.

General Manager of VT SAA Ed Onwe spoke with Bleeping Computer about the Maze ransomware attack, explaining VT SAA “discovered that a sophisticated group of cyber criminals, known as the Maze group, gained unauthorized access to our network and deployed a ransomware attack.”

“Upon discovering the incident, the Company took immediate action, including disconnecting certain systems from the network, retaining leading third-party forensic advisors to help investigate and notifying appropriate law enforcement authorities,” Onwe added.

The first week of June saw many disclosures from other high-profile organizations targeted by Maze ransomware too. Westech International, a US military nuclear missile contractor, recently announced being hit with a Maze ransomware attack.

After gaining unauthorized access to Westech International's internal network, hackers encrypted the company's machines and pressured the company into paying a fee by leaking confidential company documents online.

Other companies impacted by Maze ransomware attacks this month include the ST Engineering Group, Conduent, TekCollect & AmerAssist, the Smith Group, Kerr Controls, and others.