Since May 2019, malicious actors have been deploying the sophisticated Windows ransomware Maze that does not stop at encrypting a private organization’s data, but also steals the same data and threatens to release it to the public and the media if ransom is not paid.
This is according to security Kaspersky who noted that when organization fails to pay the ransom, these bad actors also sell the stolen information on the dark Web, stock exchanges, or the victim’s clients. The Maze ransomware gang built the malware by taking into account that companies have extensive and sophisticated backup measures that function to counter typical ransomware attacks.
“We are monitoring an uptick on Maze detections globally, even against a few companies in Southeast Asia, which means this trend is currently gaining momentum. While the public shaming part of the attack adds to the pressure of bowing to the demands of these cybercriminals, I strongly advise companies and organizations not to pay ransom and to involve law enforcement agencies and experts during such scenarios,” said Vitaly Kamluk, director for Global Research and Analysis Team Asia Pacific at Kaspersky.
“Remember that it is also better to have your data backed up, your cybersecurity defenses in place, to avoid falling victims to these malicious actors.”
Maze has a website where it posts its “new clients” which are basically companies who failed to pay ransom, or are in the process of doing so. As proof that all entries are true, the website contains links that contain some of the stolen data, either as a teaser for other actors who want to purchase it or as a warning to the victim.
As a remedy, Kamluk endorsed the Kaspersky Attribution Engine so that organizations can identify new and undetected malware. He also added that organizations can make backups, simulate attacks, prepare for disaster recovery, cooperate with law enforcement, trains remote-working staff, be updated with threat intelligence services, and monitor any software activity across all endpoints.
“The year 2020 is not like any other. This year is not only the time of changes, but it changed the time itself. It changed the way we travel, the way we shop, the way we interact with each other. The computer threat model has evolved since COVID-19 started,” he said.