Cyber Incident Victim: PeroxyChem
Date: Apr 2020
Location: United States of America
Summary
PeroxyChem, a global specialty chemicals firm and subsidiary of Evonik, suffered a ransomware attack by the Maze Team that partially disrupted its core corporate infrastructure and impacted a limited number of user endpoints. The company proactively notified all clients and vendors of the incident regardless of potential data compromise, apologizing for disruptions, while its public response indicated no intent to pay the ransom despite being listed on the attackers' site.
Description
On April 24, 2020, PeroxyChem, a Philadelphia-based specialty chemicals subsidiary of Evonik operating globally with approximately 550 employees, experienced a ransomware attack attributed to the Maze cybercriminal group. The attack partially disrupted the company’s core corporate infrastructure and compromised a limited number of user endpoints. Maze publicly claimed responsibility by listing PeroxyChem on their dedicated victim disclosure website on April 23, one day prior to the operational disruption becoming apparent to the company. PeroxyChem confirmed the incident through a security notification dated May 1, 2020, which was published on their corporate website and distributed to all clients and vendors regardless of potential data exposure. The company characterized the event as a ransomware attack but did not specify whether data exfiltration occurred prior to encryption or identify the exact systems impacted beyond generalized infrastructure references.

PeroxyChem initiated immediate recovery efforts following the attack, though the notification did not detail specific containment measures, forensic methodologies, or third-party incident response partnerships. The company issued a blanket apology to clients and vendors for potential inconveniences, emphasizing transparency by proactively communicating regardless of confirmed data compromise. Their public statement contained no indications of ransom negotiations or payments, aligning with Maze’s practice of listing non-paying victims on their platform. The attack’s operational consequences remained undefined in available disclosures, with no reference to production downtime, supply chain interruptions, or financial losses. PeroxyChem’s global footprint across North America, Europe, and Asia suggested potential multinational coordination challenges in remediation, though incident documentation did not elaborate on regional variations in impact or response.
