Textile Cutting Expert ‘Lectra’ Struck by the Maze Ransomware Group

• Maze actors have compromised ‘Lectra,’ a textile cutting equipment expert from France.
• The ransomware group has already leaked 5% of the stolen data, and they are threatening to release more soon.
• There has been a wave of ransomware attacks in France lately, and it could be the result of coordination.

The Paris-based CAD, CAM, software, and textile cutting equipment firm ‘Lectra’ has been compromised by the Maze ransomware group. As confirmed by the Cyble research team, the prolific group of actors has already published 5% of the data they stole from the company’s systems, in the context of the typical coercion procedure.

The leak contains screenshots taken during the breach, showing which drives have been exfiltrated by the actors. All in all, there are invoices, financial documents, client details, system details, and many more sensitive details in the leak.

Lectra is a big player in the field, employing 1,650 people and having a yearly income of about $30 million. This means Maze is set for yet another huge claim - or at least that’s what they’ll try to do. Lectra’s field has been hit the harshest by the COVID-19 pandemic and the new economic reality emerging from it.

But since Lectra client data is also in the actors’ hands, this is not just about the French. The company sells industrial systems to Louis Vuitton, Hermes, H&M, as well as large automotive and aerospace manufacturers who need leather cutting tech.

What is particularly interesting in this case is that it’s the fourth recent ransomware attack on a big French company. This month alone, Netwalker has breached Axens SA and Rabot Dutilleul, while Nefilim operators struck Orange S.A., a big telco in the country. All of this could be unconnected, although it’s very likely that malicious actors exchange info, help each other, and generally move in some level of coordination. This is just an assumption, though, as there are no clear links to connect the individual breaches just yet.

Related: The Maze Gang Claims to Have Stolen 11 Million Credit Card Records From “Banco BCR”

Maze is a very active RaaS program that is run by Russian operators and has been a particularly troubling entity for large organizations globally. From ‘Chubb’ to ‘Banco BCR,’ and from ‘Westech International’ to ‘Lectra,’ the hackers have stolen large quantities of sensitive information that enabled them to extort millions from their victims.

Whether or not they’ll manage to convince Lectra to pay is a matter that will most probably stay private, but harpooning a large herring is always a good starting point for these actors.