By SecureWorld News Team
Wed | Jan 15, 2020 | 9:27 PM PST

Wouldn't you like to sue the so-and-so who infected your systems with ransomware, encrypted your data, and then stole it?

One of the world's largest manufacturers of cables and wires (like the ones inside your office walls right now) is suing its hacker or hackers, who remain anonymous.

The case has a rather unique name:

"Southwire Company, LLC vs. JOHN DOE, in Possession of Stolen Southwire Confidential Information, Thereby Injuring Southwire and Its Customers, Clients and Vendors."

Suing 'John Doe' hacker for a nuclear ransomware attack 

The lawsuit reveals some interesting facts about this case of nuclear ransomware.

Ransomware is "nuclear" when hackers exfiltrate your data, encrypt what remains on your servers, and then threaten your organization: we will publish your data to the world unless you pay the ransom. 

Regarding this case, a legitimate question might be: is there any point in suing an unknown hacker?

In this case, the answer appears to be yes.

Details of the ransomware attack against Southwire

The lawsuit has several redacted sections, including how, exactly, John Doe illegally accessed Southwire's network.

However, it spells out a number of things pretty clearly:

  • John Doe executed "Maze Ransomware" against the company's network, which encrypted data
  • John Doe also exfiltrated (stole) corporate data
  • John Doe used the stolen data to extort the company, which is a growing nuclear ransomware trend.

    "The defendant then demanded several million dollars to keep the information private, but after Southwire refused Defendant's extortion, Defendant wrongfully posted part of Southwire's confidential data on a publicly accessible website that the Defendant controls."

And that is a key piece of this legal puzzle. The company believes the hacker controls the website that is publishing its confidential data.

Legal angle: the point of naming John Doe in a hacking lawsuit

Richard Harris is a personal injury attorney, and he says that in cases where you believe you will discover the true identity of those who have damaged you, it makes sense to name John Doe in your lawsuit.

He sums up two reasons why you might do this in a blog post on the topic:

  1. "The reason plaintiffs will name John Doe defendants in their complaint is because it can keep the statute of limitations from expiring. Naming a John Doe defendant will help you ensure that all responsible parties are held accountable."
  2. "After you file your complaint, the case will go into the discovery period. It is during this time that the identities of the John Doe defendants can be discovered. After you identify the people who were previously unknown, you can amend the complaint and add the person's name."

Southwire lawsuit against a hacker, filling in the blanks

The points that Harris makes appear to be the reason Southwire is suing John Doe. Says the lawsuit:

"Southwire is unaware of the true name(s) of Defendant sued herein as John Doe, and therefore, sues this defendant under a fictitious name. Plaintiff will amend this Complaint to name the true name and capacity of the Defendant when ascertained."

In other words, this gives the company time to fill in the blanks and eventually reveal the redactions that run throughout this lawsuit.

A final question in this nuclear ransomware and extortion case

While this lawsuit moves forward, Southwire says it is concerned that John Doe will continue to publish its confidential corporate data on that website the hacker(s) allegedly controls.

Now, a question: could that website, or its domain name registration and DNS records, be the breadcrumb that gives the hacker or hacking group away?

Let's hope it is, for the sake of every company that John Doe is planning to hack in the future.
