Security Market Segment LS
Wednesday, 15 July 2020 04:38

Staffing and services firm Collabera appears to have paid ransom to Maze attackers Featured

Staffing and services firm Collabera appears to have paid ransom to Maze attackers Image by Peggy und Marco Lachmann-Anke from Pixabay

Corporate staffing solutions and services company Collabera appears to have paid a ransom to attackers who used the Maze ransomware, that runs on Windows only, to attack its systems.

The company's name was listed on the Maze site on the dark web and then removed, always an indication that a company has yielded to ransom demands and paid up.

iTWire contacted Collabera on Tuesday, but only received a stock reply that said: "Thanks for contacting us! We have received your request and will contact you shortly. In the meantime, we encourage you to follow us on Instagram, Facebook, Twitter and Linkedin to stay on top of what's new."

Collabera has more than 70 offices globally, according to information on its website. It has operations in the US, Canada, the UK, Australia, Ireland, Poland, India, Malaysia, the Philippines and Singapore.

The company was set up in 1991. Of itself it says, "We're disciplined in daily work. We're responsive, and ready to find answers to every question. We're passionate about our work, our teams, and our goals. We're insanely competitive: we push harder, perform better, and create a lasting impact. We work hard, and we play hard."


The Collabera leak listed on the Maze website. Supplied

That does not seem to extend to responding to media queries.

In an internal email reported by the British website, The Register, Collabera was quoted as telling its staff that it had "promptly restored access to our backup files and immediately launched an investigation to determine the nature and scope of the event".

This could indicate the company paid only to prevent publishing and to get its name off the Maze leak site to prevent news of the infiltration spreading. This also means that the company is unlikely to be aware of what information was stolen by the Maze attackers, apart from the one zipped file that was posted online.

Contacted for comment, iTWire's regular commentator Brett Callow said: "Companies that have data exfiltrated are without any good option. Whether they pay the ransom or not, they've been breached. Payment will simply get them a pinky promise that the stolen data will be destroyed - and that pinky promise will be coming from a totally untrustworthy criminal extortionist.

"And why would criminals ever destroy data that they may be able to use or further monetise at a later date? The answer is that they probably wouldn't.

"These incidents are happening far too frequently. Companies need to do more to protect the data that is entrusted to them. They also need to stop paying the criminals. Ransomware is a problem for one reason and one reason only: companies keep on paying. If they stop, the problem will go away," added Callow who works as a ransomware threat researcher with the New Zealand-headquartered security firm Emsisoft.

Subscribe to Newsletter here


Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.



It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.





Guest Opinion

Guest Interviews

Guest Research & Case Studies

Channel News