MAZE Ransomware Explained - Facts, threats, and security strategies.

MAZE Ransomware Explained - Facts, threats, and security strategies.

Facts, threats, and security strategies

July 03, 2020 I Dr. Jitendra Mohan Bhardwaj

In the current work from home environment, one of the major threats we have seen is the increase of ransomware attacks on the individuals and organizations (over 148% since the start of the pandemic in January 2020). Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few thousand dollars to millions, payable to cybercriminals in Bitcoin. Some of these ransomware attacks which we faced and defended over last 4 months are Maze, Thanatos, Ryuk and FTCODE ransomware.

I would like to specifically talk about Maze ransomware today . Like other ransomware seen in the past, Maze spreads across a corporate network, infects computers, and encrypts data so it cannot be accessed. However, what makes Maze more dangerous is that it also steals the data it finds and moves it to servers controlled by malicious hackers who then threaten to release it if a ransom is not paid. Hence it is combination of RANSOMWARE ATTACK and A DATA BREACH .This is much worse than being hit by normal ransomware attack. Recently one of the  Major IT Organization had to pay over USD50M due to this attack, and they also lost some of their largest clients. One of the major automobile manufacturers has been affected by this attack last week. Please note that we have all the necessary tools and 24X7X365 monitoring in place to prevent such attacks , however individual awareness always remains a big concern in cyber security.

Following are the most common methods of ransomware attacks:

Signs your system may have been infected by Ransomware:

  • Your web browser or desktop is locked with a message about how to pay to unlock your system and/or your file directories contain a "ransom note" file that is usually a .txt file
  • All of your files have a new file extension appended to the filenames -Examples of Ransomware file extensions: .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .encrypted, .locked, .crypto, _crypt, .crinf, .r5a, .XRNT, .XTBL, .crypt, .R16M01D05, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .crjoker, .EnCiPhErEd, .LeChiffre, .0x0, .bleep, .1999, .vault, .HA3, .toxcrypt, .magic, .SUPERCRYPT, .CTBL, .CTB2, .locky or 6-7 length extension consisting of random characters.

How to protect individual and organization data from ransomware attacks

  • Follow the best practices to avoid phishing attacks.
    • Don’t click links in emails from unknown senders or open attachments. Report the emails.
    • Do not enter sensitive information in pop-ups or non-organizational websites.
    • Ensure a Web address has HTTPS in the address bar instead of just HTTP.
  • Have latest Anti-Virus, security software, and operating system updated on your machine.
  • Always keep backup of your laptop data on cloud.
  • Remove plugins and add-ons.
  • Do not use your official laptop for personal work.
  • Report The Incident immediately   - It is important that incidents are reported as early as possible so that organization can limit the damage and cost of recovery.
  • Please go through Information security Policy and Social Engineering Policy for your organization.

An important point to note is that protecting Organization data is shared responsibility by all individuals. Simple precautions taken by everyone help keep individual, organizational, and client data safe and secure.