Bouygues Construction Attacked by Maze Ransomware

Delaware, USA – February 5, 2020 – At the end of January, Maze ransomware gang had a very busy week, and as a result of the attacks, several companies suffered cybersecurity incidents. On January 30, Bouygues Construction fell victim to Maze ransomware and the next day issued the confirmation of a cyberattack, promising to reveal the details this week, but have not yet fulfilled that promise. “As a precautionary measure, information systems have been shut down to prevent any propagation. Our teams are currently fully focused on returning to normal as quickly as possible, with the support of experts. Installations are progressively being put back into service after being tested. Operational activity on our construction sites has not been disrupted to date.”

Judging by the fact that Maze ransomware gang began to publish stolen data about the Bouygues’ employees, the company refused to pay the ransom and restores systems without decryptor. Bouygues Construction is a global player in construction, with operations in more than 60 countries. It designs, builds and operates projects in the sectors of building, infrastructure and industry. Also last week, Maze ransomware gang encrypted systems of five law firms, and adversaries had already begun to publish sensitive customer data stolen from two firms. A bit more “lucky” were the Australian logistics company Toll Group, which last Friday fell victim to a fresh sample of Mailto ransomware, and almost recovered from the attack. Mailto ransomware appeared at the end of last year, and its operators do not steal sensitive data before encrypting files. You can secure your organization against similar attacks using Ransomware Hunter rule pack that leverages statistical profiling and behavioral analysis methods to spot signs of ransomware at every stage of Cyber Kill Chain: https://my.socprime.com/en/integrations/ransomware-hunter