Southwire Sues Anonymous Hacker for Ransomware Attack

Law Firms Mentioned

Southwire Co. has sued an anonymous “John Doe” that the Georgia wire and cable manufacturer claims extracted confidential business information from its computer systems in a December ransomware attack. The redacted federal complaint, filed Dec. 31 in U.S. District Court in Atlanta, said the unknown defendant demanded several million dollars to keep the stolen information private. When Southwire refused to submit to the alleged extortion, the hacker posted company confidential information on a publicly-accessible website that the suit contends the hacker controls. Southwire has apparently identified a web portal, which has been redacted from the publicly filed complaint but has not yet been able to identify the hacker’s true identity, according to the suit. The suit alleges violations of the federal Computer Fraud and Abuse Act and trespass. It asks for a preliminary injunction barring the hacker or hackers and anyone working in concert with them from pursuing the ransom demands and publishing sensitive corporate information online. The suit also seeks to reclaim all copies of the stolen data and an unspecified money judgment that includes disgorgement of the defendant’s profits, unspecified compensatory and punitive damages. The case has been assigned to U.S. District Judge Timothy Batten. Southwire is represented by Marcus Christian, a partner at Mayer Brown in Washington, D.C. and associate Jonathan Klein. Christian specializes in cybersecurity and data privacy. Before joining Mayer Brown, Christian was the executive assistant U.S. attorney for the Southern District of Florida and former chief of staff for U.S. Rep. Peter Deutsch of Florida. According to the lawsuit, Southwire’s data was exfiltrated using Maze Ransomware, ,which encrypted Southwire’s files, causing the company to lose access to data stored on its computer system. Although the suit redacted the dates that Southwire was hacked, the company sent a letter to customers on Dec. 11 notifying them of the Dec. 9 hack attack and warning that company operations might be impacted, according to online publication SC Media. Attached to the suit is an email sent to Southwire saying, ‘We hacked your network and now all your files, documents, photos, databases and other important data are safely encrypted with reliable algorithms.” The email included instructions for confirming the hack and for paying the requested ransom to release the files. It also identified the ransomware used as Allied Universal Maze Ransomware. Southwire’s suit redacted the amount of the ransom demanded to release Southwire’s computer files, but SC Media said the hacker demanded 850 bitcoin, or about $6 million. Southwire’s complaint also claims that in addition to releasing confidential corporate information on public websites, the hacker publicly spread word of the hack. The hacker also set up a public website listing companies and corresponding websites for 27 targets of its ransom malware, including Southwire, that refused to pay the ransom demands.