Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

'Maze' Ransomware attack on giant IT services world-wide

 

Systems Affected



Threat Level


Medium


Overview


A new ransomware called 'Maze' targeting IT services world-wide


Description


'Maze' ransomware, previously identified as "Chacha ransomware" first appeared in May 2019. The sole purpose of the ransomware is to encrypt the files and then demand a ransom to recover the files. Unlike other ransomware 'Maze' will release collected data on the public domain if the ransom is not paid.


Reference: Map of Maze Infection

'Maze' is mainly exploiting remote desktop connections with weak passwords or through email impersonations. Normally these emails are attached with a macro enabled word document and the macro is utilised to run the malware.

List of file extensions that the malware ignores are: .LNK, .EXE, .SYS, .DLL and after encrypting all the files, the victims' desktop will change as shown below;


Reference: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/


Impact


  ✻  Loss of important files and documents of your company's data
  ✻  May result in complete shutdown of your company's operations
  ✻  Financial loss
  ✻  Damaged to your company's reputation


Solution/ Workarounds


  ✻  Implement proper backup policies and adhere to them strictly
  ✻  Never pay the ransom
  ✻  Have offline backups of important files
  ✻  Update and install latest security patches on installed 3 party software
  ✻  Keep your virus guard and operating system up to date


References


  ✻  https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/
  ✻  https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.