Ma Labs Ransomware Attack impacting their Clients

Image Source:

Earlier this month, one of the leading distributors of PC components, Ma Labs, was breached by Cybergang called REvil. This ransomware attack has left its mark on customers and competitors of component distributors. 

According to threat intelligence firm Cyble, the Operators of REvil ransomware claim to have a hold of 949 GB of data from the central servers of Ma Labs. 

REvil said that more than 1000 Ma Labs servers are affected by this attack. According to REvil, as a result of this ransomware attack, confidential data from Ma Labs computer, thousands of documents with details of employees, partners and clients are at risk of being leaked online. REvil threatened, in 48 hours from the time of its initial message they will start an auction of leaked data of Ma Labs.

Cyble stated that, attackers also shared also a few screenshots of data they have gotten through the ransomware attack. Cyble confirmed that the data include emails, bank-related files and certificates for issued shares of stock. 

REvil also wrote a message to its leak site about the Ma Labs, “Their systems are compromised and are being analyzed. Such a large company, but a small IT responsibility.”

Company was asking for payment through Gmail

After learning about the ransomware, an executive of a system builder company that buys components from Ma Labs said he had been wondering what was happening with the distributor, because his accounting team stopped receiving emails from Ma Labs employees a week ago. 

The executive further said, “They have done a poor job communicating with us what’s going on. They basically said that they are having email issues, and we haven’t received an invoice for the past couple weeks.” Due to his business relationship with Ma Labs the executive who asked to not be identified. 

“My accounting team, they were like, Hey, where’s the invoices so that we can pay? We know we receive purchase orders, so we owe you money, what’s going on?” Executive said. 

According to the executive, they were using personal gmail accounts to ask for the payment, which was a major red flag. 

“We are getting sporadic emails from them. But they said, Well, we are having email server issues,” he said. “So we didn’t know they were attacked. They should have been a little bit clearer with us on communications.”

Because Ma Labs is not an authorized intel distributor, we only buy motherboards,  memory modules and hard drives. 

“We are on the same team. I just wish they were just a little bit more transparent with what’s happening with the current situation, so we can work with them. We will help them. We will figure out a way to at least pay our bills,” he said.