September 15, 2020
By now, most people know what ransomware is, because more than enough businesses and organizations have had their systems locked down by it in one form or another. However, we are now seeing the rise of “ransomware as a service” (RaaS), where malicious vendors “rent out” their toolkits on the dark web to any threat actor who wishes to deploy them in an attack. The ransomware known as Maze is a particularly dangerous variant of this that has been involved in many attacks this past year.
What is Maze?
Maze is a nasty strain of ransomware that has infected organizations of all sizes and all levels of enterprise around the world. Currently, because of the COVID-19 pandemic, healthcare and research centers are very popular targets. However, multiple malicious actors have been actively deploying Maze ransomware since at least May 2019, and they have been going after government and private firms, utility companies, schools and just about any other type of industry an attacker thinks it can extort. Typically, victims are infected by way of spam and phishing emails containing malicious links and/or Microsoft Office attachments. Exploit kits have also been used, taking advantage of numerous Remote Desktop Protocol (RDP) vulnerabilities.
How is Maze different from other types of ransomware?
Most forms of ransomware simply lock down your system with a ransom note that promises to unlock your files and/or your network if you pay the attacker money. With traditional ransomware, you’re usually fine as long as you have backups of everything. However, Maze takes it a step further.
Like other ransomware seen in the past, Maze spreads across a corporate network, infects every computer it finds and encrypts the systems’ data so it can’t be accessed by anyone. But what makes Maze more dangerous is that it also steals the data it finds and uploads it to servers controlled by the attackers. After a successful attack, if the victim does not respond to ransom demands, the attackers either publish the stolen data or sell it on underground forums. So, not only are you threatened with never being able to recover your systems, but you are also threatened with having all your data published and/or sold to the highest bidder. This additional data hostage tactic is becoming increasingly common in other ransomware strains as well, such as REvil (also known as Sodinokibi).
How do you protect yourself from Maze ransomware?
As we mentioned above, common infection vectors used by Maze ransomware are phishing emails with Office attachments and fake/phishing websites laced with exploit kits. Everyone needs to exercise caution when handling emails from unknown sources, downloading Office attachments, enabling macros and clicking on suspicious links. Additionally, your organization’s systems need to be kept fully updated so that remotely exploitable security vulnerabilities are patched. Employees should be trained in the dangers of social engineering. Multi-factor authentication should be used for all login points, and a switch to a Zero Trust architecture is highly recommended.
Malware and ransomware as a service are growing, but that’s why our services exist as well. Do you have a concern? Call us, day or night. As your trusted cybersecurity partners, we are here to assist you with any and all measures that need to be taken to protect your organization from ransomware and other threats. We’ll help you keep your data, your employees and your business safe without ever having to pay a dime to criminals.