On December 30th, 2019, London Offshore Consultants, a London-based shipping firm, fell victim to a ransomware attack orchestrated by the Maze Group. The attack resulted in 400 employees' computers freezing, with hackers claiming to have exfiltrated 300GB of company data. The Maze Group, known for deploying malicious cryptocurrency sites and phishing emails impersonating government agencies, published stolen data samples online and demanded a $6.1 million ransom in Bitcoin. Despite regulatory requirements to report breaches within 72 hours, the company delayed notification to authorities for two weeks. The incident exposed critical internal data, disrupted operations, and posed severe financial and reputational risks. The FBI linked the attack to Maze’s multi-vector intrusion tactics, though it remains unclear whether the ransom was paid. The breach underscored vulnerabilities in the firm’s cybersecurity defenses and compliance protocols.
TPRM report: https://www.rankiteo.com/company/london-offshore-consultants
"id": "lon656092125",
"linkid": "london-offshore-consultants",
"type": "Ransomware",
"date": "6/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'shipping/consulting (offshore)',
'location': 'London, UK',
'name': 'London Offshore Consultants',
'type': 'private company'}],
'attack_vector': ['malicious look-alike cryptocurrency sites',
'malware email campaigns (phishing impersonating government '
'agencies and security vendors)'],
'data_breach': {'data_encryption': True, 'data_exfiltration': True},
'date_detected': '2019-12-30',
'description': 'On December 30th, 2019, London Offshore Consultants, based in '
'London, UK, was hit by a ransomware attack claimed by the '
'Maze Group. The attack resulted in 400 employees having their '
'computers frozen. The hackers claimed to have stolen 300GB of '
"the company's data and published samples of it on their "
'website. A ransom of $6.1 million in bitcoin was demanded. '
'The FBI noted that Maze Group typically uses multiple '
'intrusion methods, including malicious cryptocurrency sites '
'and phishing emails impersonating government agencies and '
'security vendors. The company reportedly delayed notifying '
'authorities by two weeks, beyond the 72-hour requirement.',
'impact': {'brand_reputation_impact': 'likely negative (public data leak, '
'delayed disclosure)',
'data_compromised': '300GB',
'legal_liabilities': 'potential (delayed authority notification)',
'operational_impact': 'significant (computers frozen, data '
'exfiltrated)',
'systems_affected': '400 employee computers frozen'},
'motivation': 'financial (ransom)',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': '$6.1 million (bitcoin)',
'ransomware_strain': 'Maze'},
'references': [{'source': 'SkyNews'}, {'source': 'FBI (Maze Group tactics)'}],
'regulatory_compliance': {'regulations_violated': 'likely (delayed 72-hour '
'breach notification '
'requirement)',
'regulatory_notifications': 'delayed (notified '
'authorities two weeks '
'post-incident)'},
'response': {'law_enforcement_notified': True},
'threat_actor': 'Maze Group',
'title': 'Ransomware Attack on London Offshore Consultants by Maze Group',
'type': 'ransomware'}