- The infamous ransomware gang added the 84-year-old power tool manufacturer, MAX USA CORP, to its dark web leak site on February 15.
- They gave the company until March 2, 2026, to meet their demands, or they will publish stolen corporate data online.
- Word about the incident has not yet circulated and MAX itself hasn’t released an official statement regarding the security breach yet.
MAX USA CORP, a legendary name in construction tools, is allegedly the latest victim of the LockBit ransomware gang. The hacker group posted the company’s name on its dark web port, with a digital clock now ticking down to a potential data dump.
They posted the alert on February 15, 2026, and set the deadline for March 2, 17:25:27 UTC. This gives the New York-based manufacturer just 14 days to respond.
If MAX USA doesn’t comply or pay up, LockBit claims it will unleash sensitive files onto the public. For a company that’s been equipping professionals since 1942, such a thing is a big threat to MAX USA’s legacy and operations.
MAX USA: The Latest Target for Ransomware Attack
MAX USA is more than just a hardware supplier. With their headquarters in Plainview, New York, they are the brains behind many iconic tools. MAX is the maker of the world’s first roofing nailer in 1982 and the first battery-operated rebar tier that rolled out in 1993.
Their tools hold up skyscrapers and frame houses across the Americas. Losing control of their data could mean exposing proprietary engineering patents, client contracts, or even employee records.
Although MAX USA makes tools, they operate in a sector you could tag as critical. They manufacture steel and concrete tools for construction, which are very important for infrastructure. If LockBit stole schematics or supply chain data, it could be a field day for competitors or hostile actors.
Meanwhile, something similar to MAX’s situation has happened before. LockBit claimed they stole 3,000 SpaceX proprietary schematics from a third-party supplier in 2023. If they can breach a company handling rocket parts, a power tool firm’s R&D is no exception.
LockBit operates with a pretty straightforward model. Break in first, then encrypt files, steal data, and demand that the victim pay cash for them to release it. If MAX USA refuses, the gang will likely dump HR files, financial audits, and internal emails online. That kind of exposure can freeze partnerships, spook insurers, and tank their stock value.
The Ghost of LockBit Past
You’d think LockBit would have slowed down after 2024, when the FBI and the UK’s NCA went after them with Operation Cronos. During this operation, the authorities seized the gang’s dark websites and even developed decryption tools to help thousands of victims globally.
In addition, they indicted Russians like Artur Sungatov and Ivan Kondratyev, charging them with attacking manufacturing and semiconductor firms. The DOJ said LockBit had raked in over $120 million in ransom payments at that point.
But here we are in 2026, and LockBit is still very much in business. Towards the end of 2025, they dropped version 5.0 of their malware. With the new version, it’s now cheaper for hackers to join LockBit’s affiliate program.
LockBit bounced back after that global crackdown, which only goes to show how hard taking down ransomware infrastructure is — as evidenced by their ongoing extortion campaigns, including a recent threat to leak 80,000 Money Mart financial files on the dark web if the company refused to meet their demands. Just this January, the FBI seized RAMP, a dark web forum that hackers affiliated with LockBit were using to recruit new people and share tips. Despite this, these hacker groups keep thriving.
What’s Next for MAX USA?
MAX USA has a tough road ahead. First, they need to figure out what data LockBit has taken possession of. Is it timecards or blueprints for their high-pressure nail guns? Second, they have to decide whether to negotiate. Paying usually funds the next attack, but not paying could mean weeks of disrupted production.
Given their history of innovation, MAX USA can’t afford to have its intellectual property floating around Telegram channels. They’ll likely bring in federal negotiators and start scrubbing their systems. The company also has to worry about its partners—if LockBit leaked data, including vendor information, the entire supply chain could feel the aftershock.
For now, we wait for what comes next. The clock is ticking toward March 2, and MAX USA’s silence is getting louder by the day.
