Maze Ransomware Gang Strikes Chipmaker MaxLinear
Company Reports Some Data Exfiltrated, Refuses to Pay Ransom
Semiconductor manufacturer MaxLinear confirmed this week that it was hit by the Maze ransomware gang in April and some “proprietary information” was exfiltrated and personally identifiable information exposed.
MaxLinear notes in a Tuesday 8-K SEC filing: "We have no plans to satisfy the attacker’s monetary demands. On June 15, 2020, the attacker released online certain proprietary information. We have engaged a third party capable of safely evaluating information posted on malicious websites to advise us with respect to the content of the information posted."
In a data breach notification sent to the California attorney general's office, the company states that it discovered the attack on May 24. But further investigation revealed the intruders were inside the company's network from April 15 to May 24.
MaxLinear produces processors that are used by telephone, cable and satellite operators, set-top box manufacturers, networking equipment providers and consumer technology providers, according to the company’s website.
The PII accessed by the Maze gang included name; personal and company email address and personal mailing address; employee ID number; driver's license number; financial account number; Social Security number; date of birth; work location; compensation and benefit information; dependent information; and date of employment, according to the SEC filing and the notice with California authorities.
The company did not indicate whether this information belongs to employees, customers or both, or how many people were affected, and it declined to comment further.
Impact on Operations
MaxLinear provided some details about the impact of the attack in the 8-K SEC filing.
"On June 16, 2020 MaxLinear, Inc. announced a security incident resulting from a Maze ransomware attack affecting certain but not all operational systems within our information technology infrastructure. The ransomware attack has not materially affected our production and shipment capabilities, and order fulfillment has continued without material interruption," according to the filing.
MaxLinear told the California attorney general's office that once the breach was discovered, it immediately took all its systems offline, contacted law enforcement and hired a third-party cybersecurity firm to analyze what took place.
The SEC filing notes: "MaxLinear’s internal information technology team, supplemented by a leading cyber defense firm, has been actively taking steps to contain and assess this incident. We have been able to re-establish certain affected systems and equipment, and this work is ongoing."
MaxLinear is offering free credit monitoring to all those whose information was exposed in the breach.
Brett Callow, a threat analyst with Emsisoft, confirmed that Maze had posted to its "Maze News" darknet website a claim that it had targeted MaxLinear and exfiltrated more than 1 TB of data.
Maze began adding an extortion element to its ransomware attacks in December 2019 when it created a website and began publicly shaming its victims. When a victim refused to pay a ransom to decrypt files, Maze threatened to make stolen information public if its demands were not met (see: Maze Ransomware Gang Dumps Purported Victim List).