
I could see it happening more frequently," he said. Hold please: Being targeted by hackers in the modern world may feel more like dealing with big business.

Alex Stamos, director of the Stanford Internet Observatory and a former Facebook CSO, said most likely DarkSide was targeting the IT back-end rather than the company operations. And under appropriate circumstances, absolutely. "There's certainly some very good reasons for doing what they're doing strategically. "With regard to the web hosting entity, that could become a trend, because you can certainly try to get some action taken," like the website shut down as quickly as possible, said Shimberg.

But legally pursuing a John Doe hacker is a trend yet to be seen. The cable manufacturer provided a (now redacted) web portal contact point in the civil suit.

Following similar logic, Southwire found the alleged Ireland-based third-party web hosting company through an administered IP address "connected to domain - used by Defendant in this action." Southwire so far was able to trace the domain the defendant, or John Doe, is using "to cause harm" to the company. Having a John Doe defendant still "allows the injured aggrieved party to initiate and get something started," he said. A simultaneous criminal prosecution is possible if they can convince criminal authorities.

"I believe they are bringing the civil case, as a way for them to have the ability to pursue it on their timeframe and the way they want to pursue it," said Shimberg. A criminal case is more likely than a civil one to stall when the operators' identity is unknown. With a John Doe defendant, Southwire's lawsuit is less likely to stall as a civil case than it would be as a criminal one.

You're doing it with the idea that you don't know the identity of the person at this time, but you're still gathering information," he said. "It's not unheard of for there to be lawsuits against John Doe. "It happens a lot like in copyright infringement cases and trademark infringement," said Shimberg. Though Southwire's ransomware lawsuit is unusual, John Doe cases are fairly common. However, "it would be trivially easy for the group to release the data in other ways, either on the clear web or the dark web," said Callow. The Irish third-party web hosting company has since removed the websites. Southwire's lawsuit against its hackers is a "somewhat risky move in that it could potentially prompt Maze into publishing all the exfiltrated data," said Callow.

But the proceedings helped the company bring down the websites showcasing the stolen data. In the time since the posting, the hackers have allegedly told Southwire to brace for more data exposure. The malicious operators posted a portion of Southwire's data on the public-facing website. "During this time, Defendant threatened to release this information and pointed to its release of other companies' data as an indicator that it would follow through on its threats," according to the filing. Southwire outlined dates, though redacted from the filing, of the communication between the company and the defendant. The ransomware strain requires victims to communicate with its operators for decryption. REvil, the successor of GandCrab, is also threatening to publish stolen data or sell it to a victim's competitors if a ransom is refused. Maze has influenced other ransomware's modus operandi in terms of publicly disclosing encrypted data.

Southwire reportedly asked the web hosting company to remove the published stolen data but the company was unresponsive at the time. Ireland-based publication The Journal.ie reports Southwire is also pursuing injunctive relief from an Irish company responsible for hosting the hackers' website. "I have not seen one exactly like this before now," he told CIO Dive.

But while Southwire, at this time, can only identify its hackers as John Doe, the company's investigations led it to another civil action in Ireland. Robert Shimberg, shareholder of law firm Hill Ward Henderson, echoed Callow's sentiments. "I can't think of another case in which a company has sued a ransomware group." "Southwire's decision to take legal action against the Maze Group is an unusual move," Brett Callow, threat analyst at Emsisoft, told CIO Dive in an email.
