In the past few years, we have seen loads of Ransomware attacks, with the most popular being WannaCry. They have attacked not just companies but also people's personal computers.
One such Ransomware is Maze. A ‘normal’ Ransomware works by encrypting all the files on the disk with a key and then asking for a ransom (money), usually in Bitcoin or other Cryptocurrencies, to unlock the files.
Maze Ransomware has a few tricks up its sleeve
Maze Ransomware does the same thing, except it adds another way to extort victims who are unwilling to pay. To have more leverage over the victim, Maze also sends the data to the attacker.
The attacker can then threaten to leak this data to the public if they don’t get the ransom. Depending on the type of data, sometimes an organization has to give in.
The first victim of this Ransomware attack with extra toppings was Allied Universal, a California-based security services firm. Around 700 MB of stolen data was dumped after they refused to pay the ransom demanded by Maze. Nowadays, most Ransomware uses this method of double extortion when victims are reluctant to pay.
Maze Ransomware: Characteristics
Maze Ransomware was made by altering an earlier Ransomware named ChaCha. Since December 2019, the gang behind Maze has successfully claimed a lot of high-profile victims. These span nearly every type of domain: Healthcare, Government, Technology, Finance, Media, etc.
The main techniques for distribution that Maze uses are:
- Websites hosting exploit kits, which have been seen exploiting Flash Player vulnerabilities.
- RDP Brute Force Attacks.
- Spam emails with malicious attachments (mostly Word or Excel files).
The next step for Maze Ransomware is to gain elevated privileges and start encrypting files on all the drives. However, before the encryption process, the files are sent to the attacker. This gives the attacker(s) extra leverage over the victim.
Paying the Ransom
Ransomware like this will mostly ask for payment in Cryptocurrencies like Bitcoin or Ethereum so that the attackers can stay anonymous. We always advise our readers not to pay any cybercriminal(s), as paying gives them more incentive to do this again. However, we understand that there might be confidential files at risk. With the new possibility of a data breach, there is an extra reason for meeting their demands. Whatever you decide, we hope you will proceed with caution.
Protecting Yourself Against Ransomware Attacks
Keeping your data safe is in your own hands. These are some tips you should follow to keep your data safe:
- Never open emails from anyone suspicious, or any email attachments you weren’t expecting.
- Always use anti-virus software with good Ransomware protection and keep it up to date. (Even Windows Defender is a good solution.)
- Block any open ports to your system if they’re not required.
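If RDP has to stay reachable, the RDP brute force attacks listed among Maze's distribution techniques show up as bursts of failed logons from a single source. The following is an added example, not part of the original article: it flags such bursts in failed-logon events (Windows Security Event ID 4625), assuming the events were exported to CSV with the constructed column names shown and using an arbitrary threshold of 5 failures per minute.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security events exported to CSV.
# The column names are this example's assumption, not a fixed export format.
SAMPLE = """time,event_id,logon_type,source_ip,user
2020-01-10T03:00:01,4625,10,203.0.113.7,administrator
2020-01-10T03:00:04,4625,10,203.0.113.7,admin
2020-01-10T03:00:09,4625,3,203.0.113.7,administrator
2020-01-10T03:00:15,4625,3,203.0.113.7,backup
2020-01-10T03:00:21,4625,10,203.0.113.7,admin
2020-01-10T03:00:30,4625,10,203.0.113.7,administrator
2020-01-10T08:12:00,4625,10,198.51.100.20,jsmith
2020-01-10T09:12:30,4625,10,198.51.100.20,jsmith
2020-01-10T09:13:00,4624,10,198.51.100.20,jsmith
2020-01-10T09:20:00,4625,2,192.0.2.50,kiosk
"""

FAILED_LOGON = "4625"  # Windows: "An account failed to log on"
# 10 = RemoteInteractive (RDP); 3 = Network (seen for RDP with NLA)
REMOTE_LOGON_TYPES = {"3", "10"}


def find_bruteforce(csv_text, threshold=5, window_s=60):
    """Return {source_ip: usernames tried} for every source with at least
    `threshold` failed remote logons inside any `window_s`-second window."""
    window = timedelta(seconds=window_s)
    failures = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] == FAILED_LOGON and row["logon_type"] in REMOTE_LOGON_TYPES:
            when = datetime.fromisoformat(row["time"])
            failures[row["source_ip"]].append((when, row["user"]))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= window_s seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in events})
                break
    return flagged
```

In the sample, only 203.0.113.7 is flagged; the two mistyped passwords an hour apart and the local console failure (logon type 2) are ignored.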
Our prime motive is to keep you updated and secure from these kinds of attacks so that you may not fall victim to the next famous Cyber Attack.