The conventional wisdom regarding ransomware attacks has been to be prepared with adequate system backups and not to pay the ransom. After all, when dealing with criminals there is no guarantee that they will return your data. Well, many must have heeded that advice because cyber criminals have just upped the ante; enter Maze Ransomware!
Here are your fast 5 things to know about Maze Ransomware:
Maze Ransomware is a new strain of ransomware with a twist: pay up or your data goes up…on a public website. According to Trend Micro, the FBI recently released an advisory to U.S. companies stating that the cyber criminals, known as Maze, used multiple methods of entering victim networks, including fake cryptocurrency sites and malspam (malware delivered via email). Trend has posted the indicators of compromise for Maze on its site, referenced below.
KrebsOnSecurity reported the following data related to the victim companies on Maze’s public shaming site:
Bleepingcomputer reported that, as of January 3, the shaming site, hosted in Ireland, had been removed. However, it seems reasonable to expect it will pop up again somewhere, sometime.
Use your best judgement depending on the specific circumstances, but here’s an interesting take on this question: according to Lawrence Abrams on Bleepingcomputer, “Ransomware attacks are now data breaches….criminals state that they are familiar with internal company secrets after reading the company’s files. Even though this should be considered a data breach, many ransomware victims have swept it under the rug in hopes that no one would find out.” A position that it is not a breach would become difficult to maintain when company files are posted on a public site.
Bleepingcomputer, which reports having seen the FBI advisory, states that Maze has been operating since early 2019 but was first observed in the U.S. in November 2019. Among the reported victims are the City of Pensacola and Southwire, a cable and wire manufacturer. In an interesting turn of events, Southwire has filed a lawsuit in Georgia against the Maze cybercriminals, who were named as “John Doe” as their identity is, of course, still unknown.
As always, basic cyber hygiene is the best bet. Trend Micro recommends the following measures:
Additionally, we recommend practicing your Incident Response Plan with various ransomware scenarios. If you’re interested in assistance with this, please contact us at support@bedelsecurity.com or 833-297-7681.
If you do find yourself up against Maze Ransomware, the FBI and Trend still recommend against paying the ransom, pointing back to the conventional wisdom mentioned earlier about dealing with criminals.
https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/