LG Electronics allegedly targeted by Maze ransomware

The samples published by ransomware operators include three screenshots. One contains LG Electronics’ official firmware or software update releases, while the other two screenshots carry list of source codes of their products. Maze ransomware group allege that the source codes of LG products are being used by a big telecommunication company.

Early this week, the ransomware group published a release warning companies to not try to recover information themselves, while boasting that the Maze locker can’t be decrypted without their assistance and it would also add to their costs. The group warned about a planned attack on LG Electronics in the same release, which researchers at Cyble Inc believe has been carried out now.

First discovered in May 2019 by Jerome Segura, a malware intelligence analyst, Maze ransomware group has been very active ever since the covid-19 outbreak. It targeted IT major Cognizant in April, which may cost the company losses of up to 70 million in Q2 2020. The data leaked by the ransomware included corporate credit card details of Cognizant’s employees. In March, Chubb, a US based cyber insurance company was targeted. Just a day before claiming an attack on LG, Maze group alleged to have hit WorldNet Telecommunications, a Puerto Rico based telecom company.

The ransomware uses exploit kits, desktop connections with weak passwords and phishing emails to infiltrate company networks. It is programmed to prevent reverse engineering of its codes, which makes static analysis difficult. Before encrypting data, the ransomware steal large data files with the intention of releasing them online.

Mint has reached out to LG Electronics for a statement on the alleged breach and will update the story when we have it.